React JS 拒绝加载图像,因为它违反了以下内容安全策略指令
[英]React JS Refuse to load the image because it violates the following Content Security Policy directive
问题描述
I faced this problem when I try to reload my react application web page.
当我尝试重新加载我的 React 应用程序网页时,我遇到了这个问题。 Note: In the development phase there was no issue with this kind of thing, but when I deploy it to production I faced this issue.注意:在开发阶段,这种事情没有问题,但是当我将它部署到生产中时,我遇到了这个问题。 Thank you.谢谢你。
Refused to load the image 'http://104.248.153.121:8080/favicon.ico' because it violates the following Content Security Policy directive: "default-src 'none'". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.
Here is an error image log: Error Log Refuse to load image这是一个错误图像日志:错误日志拒绝加载图像
1 个解决方案
解决方案1
0 2020-02-13 14:10:05
The Content-Security-Policy meta-tag allows you to reduce the risk of XSS attacks by allowing you to define where resources can be loaded from, preventing browsers from loading data from any other locations. Content-Security-Policy 元标记允许您定义可以从何处加载资源,防止浏览器从任何其他位置加载数据,从而降低 XSS 攻击的风险。 This makes it harder for an attacker to inject malicious code into your site.这使得攻击者更难将恶意代码注入您的站点。
Sample that says content="default-src 'self'" means this:表示 content="default-src 'self'" 的示例意味着:
<meta http-equiv="Content-Security-Policy" content="default-src 'self'">
- How to allow multiple sources?如何允许多个来源?
You can simply list your sources after a directive as a space separated list:您可以简单地在指令后将您的源作为空格分隔的列表列出:
content="default-src 'self' https://example.com/js/"
Note that there are no quotes around parameters other than the special ones, like 'self'.请注意,除了特殊参数(如“self”)之外,参数周围没有引号。 Also, there's no colon (:) after the directive.此外,指令后没有冒号 (:)。 Just the directive, then a space-separated list of parameters.只是指令,然后是空格分隔的参数列表。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.