Javascript 违反以下内容安全政策指令
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/53369507/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
violates the following Content Security Policy directive
提问by Hari9513
When I Upload a Image into my web APP, it showing below error
当我将图像上传到我的网络应用程序时,它显示以下错误
Refused to load the image '
<URL>because it violates the following Content Security Policy directive: "default-src * data: 'unsafe-eval' 'unsafe-inline'". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.
拒绝加载图像 '
<URL>因为它违反了以下内容安全策略指令:“default-src * data: 'unsafe-eval' 'unsafe-inline'”。请注意,'img-src' 未明确设置,因此使用 'default-src' 作为后备。
I try to solve this error by using following code
我尝试使用以下代码解决此错误
<meta http-equiv="Content-Security-Policy" content="default-src *; img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *">
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
but it is not working, could any one please help in this regard
但它不起作用,任何人都可以在这方面提供帮助
回答by Abinash
Not sure why you are using an "*", i am using similar kind of stuff but my meta tag looks something like this and it works fine for me.
不知道你为什么使用“*”,我使用了类似的东西,但我的元标记看起来像这样,它对我来说很好用。
<meta http-equiv="Content-Security-Policy" content="default-src 'none'; connect-src 'self';font-src 'self'; img-src 'self' data: https:; style-src 'self' ; script-src 'self'">Hope this helps
希望这可以帮助
