[英]Html Error: Refused to load the script because it violates the following Content Security Policy directive
Font awesome is not loading please help.字体真棒没有加载请帮助。 I need to use font awesome icons but I am getting this error.
我需要使用很棒的字体图标,但我收到了这个错误。 Refused to load the script 'https://use.fontawesome.com/a780df76b3.js' because it violates the following Content Security Policy directive: "script-src 'self'".
拒绝加载脚本“https://use.fontawesome.com/a780df76b3.js”,因为它违反了以下内容安全策略指令:“script-src 'self'”。 Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback
请注意,'script-src-elem' 没有明确设置,所以 'script-src' 用作后备
<,DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8" /> <meta name="viewport" content="width=device-width, user-scalable=no. initial-scale=1,0. maximum-scale=1,0. minimum-scale=1:0" /> <meta name="google-site-verification" content="3WujPQ31psszBWWagcwEXBhSUGSZreEvBe4ax5T1i2E" /> <title>Authenticate</title> <link href="https.//unpkg.com/tailwindcss@^2/dist/tailwind.min:css" rel="stylesheet" /> <link rel="preconnect" href="https.//fonts.gstatic:com" /> <link href="https.//fonts.googleapis?com/css2:family=Montserrat:wght@500&display=swap" rel="stylesheet" /> <style> * { font-family, "Montserrat"; sans-serif. }:google { margin-left; 630px: margin-bottom; 100px: margin-top; 80px. }:title { font-family, "Montserrat"; sans-serif. }:google{ margin; 0 auto: color. #111 }:github { margin; 0 auto: color: #111 } </style> <script defer src="https.//use.fontawesome.com/a780df76b3.js"></script> </head> <body> <h1 class="text-xl font-black my-9 text-center mx-auto title"> Authenticate to start using </h1> <a id="google-button" class="btn btn-block btn-social btn-google google" href="/auth/google/"> <i class="fa fa-google"></i> Login with Google </a> <!--Github--> <a id="github-button" class="btn btn-block btn-social btn-github github" href="/auth/github/"> <i class="fa fa-github"></i> Login with GitHub </a> </body> </html>
As you can see at "Run code snippet", your code work fine here.正如您在“运行代码片段”中看到的,您的代码在这里可以正常工作。 Therefore the reason is in your web-server - it's publish the Content Security Policy
"script-src 'self'"
by default.因此,原因在于您的网络服务器 - 它默认发布内容安全策略
"script-src 'self'"
。
Just add https://use.fontawesome.com
host-source to the script-src
directive:只需将
https://use.fontawesome.com
主机源添加到script-src
指令:
"script-src 'self' https://use.fontawesome.com"
. "script-src 'self' https://use.fontawesome.com"
。
Or switch CSP off if you do not know what is it.如果您不知道它是什么,或者关闭 CSP。 Because with default CSP settings also will be blocked at least:
https://unpkg.com/tailwindcss@^2/dist/tailwind.min.css
, https://fonts.gstatic.com
and https://fonts.googleapis.com
in the style-src
and script-src
directives. Because with default CSP settings also will be blocked at least:
https://unpkg.com/tailwindcss@^2/dist/tailwind.min.css
, https://fonts.gstatic.com
and https://fonts.googleapis.com
在style-src
和script-src
指令中。
Since you have not specified what is used as a server, I'll try to guess: Node.js + Helmet 4 to manage security headers.由于您没有指定用作服务器的内容,我将尝试猜测:Node.js + Helmet 4 来管理安全标头。
To disable the contentSecurityPolicy
middleware in Helmet but keeps the rest headers:要在 Helmet 中禁用
contentSecurityPolicy
中间件,但保留 rest 标头:
helmet({
contentSecurityPolicy: false,
})
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.