防止图像加载的内容安全策略
[英]Content Security Policy preventing images from loading
问题描述
I have an express app which is loading some external assets, but they're getting blocked by CSP.
我有一个正在加载一些外部资产的快速应用程序,但它们被 CSP 阻止。 I've never had this issue before, but this is the first time im using passport.js and helmet.js within an app so maybe this has something to do with their configuration?我以前从未遇到过这个问题,但这是我第一次在应用程序中使用passport.js 和helm.js 所以这可能与他们的配置有关吗?
Refused to load the image 'https://fake-url.com' because it violates the following Content Security Policy directive: "img-src 'self' data:".
I've tried adding a meta tag to allow images from external sources but this seems to have no effect.我尝试添加一个元标记以允许来自外部来源的图像,但这似乎没有效果。 Any help would be appreciated.任何帮助,将不胜感激。
1 个解决方案
解决方案1
1 已采纳 2020-09-05 16:48:42
You have你有
content="default-src 'none'
This prevents loading resources from any source.这可以防止从任何来源加载资源。 Remove it.去掉它。
Then change it to:然后将其更改为:
default-src 'self' fake-url.com';
More info bout the HTTP Content-Security-Policy response header below:有关以下 HTTP Content-Security-Policy响应标头的更多信息:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
https://content-security-policy.com/ https://content-security-policy.com/
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.