I am receiving a couple of non-critical error messages when using YouTube's Player API inside of a Google Chrome Extension under v2.

I have the following definitions in my content_security_policy:

"content_security_policy": 
    "script-src 'self' https://www.youtube.com/player_api https://s.ytimg.com/yt/jsbin/www-widgetapi-vfl9Ni0ki.js; object-src 'self'"

The first reference, player_api, has a dependency on the widgetapi. This is clear if you navigate to the player_api url and look at its contents:

if (!window['YT']) {var YT = {};}if (!YT.Player) {(function(){var s = 'https:' + '//s.ytimg.com/yt/jsbin/www-widgetapi-vflU5wlSl.js';var a = document.createElement('script');a.src = s;a.async = true;var b = document.getElementsByTagName('script')[0];b.parentNode.insertBefore(a, b);YT.embed_template = "\u003ciframe width=\"425\" height=\"344\" src=\"\" frameborder=\"0\" allowfullscreen\u003e\u003c\/iframe\u003e";})();}

That's all well and good. My content security policy works and YouTube videos load successfully. However, behind the scenes, I see a lot of warnings:

It is my understanding that the message "Unsafe JavaScript attempt to access frame with URL..." is unable to be removed or hidden. If anyone knows of a way to suppress this message, I would be very interested!

I do not have any understanding about the "Unable to post message to ..." error, though. A quick Google turns up a few people experiencing similiar issues, but I did not see any resolution. The widgetAPI is all minified -- making it hard to see what's actually going on.

Am I supposed to be receiving these errors? Is there a way to alleviate the errors? Or even suppress them (since they don't seem to actually break anything)?

Unable to post message to http://www.youtube.com is resolved by wrapping the YTPlayer instantiation code with a $(window).load() instead of a $(document).ready.

Uncaught TypeError: Cannot call method 'apply' of null is resolved by providing functions for onReady, onStateChange, and onError. You cannot provide null for one of these callbacks.

I believe the "Unsafe JavaScript attempt..." message is due to this bug in Chrome/Chromium:

http://code.google.com/p/chromium/issues/detail?id=17325

.. which prevents catching this exception while testing for direct cross-domain communication.

It's safe to ignore that message, but (until that bug gets fixed) there is no way to avoid those warnings.

The other questions have already been answered.