allow content_security_policy and Support newtab

[IFtiger-hu-hub]

Describe the problem

Currently, crx cannot develop efficiently with the newtab page configured, as starting the project will fail. If possible, please request support for newtab. Also, // content_security_policy: {
// "extension_pages": "default-src 'self' https:; connect-src 'self' https:; script-src 'self'; img-src * data:; style-src 'self' 'unsafe-inline';"
// }, and also support configuring a more lenient security policy

Describe the proposed solution

I hope that if a lenient security policy is configured in the project, it can open the page pointed to by newtab when starting the project

Alternatives considered

Currently, there is no configuration for content_security_policy, but using some static resources in the project has become more troublesome, especially when referencing static resources within the project, such as images and SVGs in assets

Importance

nice to have

[IFtiger-hu-hub]

I apologize if my description might have some issues. It's about configuring the content_security_policy list field, and at the same time, there's a newtab page. When starting the project, it fails to open the corresponding page for newtab correctly. Additionally, referencing files in assets within the project becomes troublesome. Currently, I'm using external linking to include some static resources. However, they could actually be referenced locally within the project.

[Toumash]

Hey @IFtiger-hu-hub could you please provide an example demonstrating the trouble? We currently do not have any such scenario in the tests directory.

The only thing i've found with extension_pages
packages/vite-plugin/tests/out/vite-self-directive-in-csp/manifest.json

[github-actions]

Thanks for contributing to CRXJS! This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs within 7 days.

[Toumash]

I'm still unsure what is this issue about as the csp can be modified here: https://github.com/crxjs/chrome-extension-tools/blob/303b6962ece383aeb2f3a7d3c92762feae2e3dc3/packages/vite-plugin/tests/out/vite-self-directive-in-csp/manifest.json
and newtab should use the input: pages as describe in the tutorial https://crxjs.dev/concepts/pages.
Are they not working right now?

[IFtiger-hu-hub]

Thank you for your attention to the issue. Regarding the previously raised question about enabling a lenient CSP policy in the newtab page to freely reference resources, after further consideration, I have decided to follow the development standards and use the chrome.runtime.getURL() method to reference resources within the project. This method complies with the standards and ensures the correct referencing of resources.

Regarding the previously mentioned CSP configuration issue, we can appropriately adjust the configuration in the project to ensure smooth referencing of static resources, such as images and SVG files, during the development process. Additionally, for supporting the newtab page, we will configure it according to the guidance provided in the official tutorial

[Toumash]

Hm so we woul need to update the tutorial or promote the tests more:
here we have a demo for new tab packages\vite-plugin\tests\e2e\mv3-vite-react-new-tab\manifest.json.
Should we add something there also?
Tutorial for assets: https://crxjs.dev/concepts/content

[IFtiger-hu-hub]

Hm so we woul need to update the tutorial or promote the tests more: here we have a demo for new tab packages\vite-plugin\tests\e2e\mv3-vite-react-new-tab\manifest.json. Should we add something there also? Tutorial for assets: https://crxjs.dev/concepts/content

Thank your job

[github-actions]

Thanks for contributing to CRXJS! This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs within 7 days.