[英]Refused to load the image '<URL>' because it violates the following Content Security Policy directive: "img-src 'self' data:"
after i uploaded my website on herokuy the images do not working and it gave me that error在我将我的网站上传到 herokuy 后,图像无法正常工作,这给了我这个错误
Refused to load the image '' because it violates the following Content Security Policy directive: "img-src 'self' data:".拒绝加载图像'',因为它违反了以下内容安全策略指令:“img-src 'self' data:”。
i have tried somethings like我尝试过类似的东西
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; font-src data:" />
that but it does not work also但它也不起作用
This disables the contentSecurityPolicy
middleware but keeps the rest:这将禁用
contentSecurityPolicy
中间件,但保留 rest:
app.use(
helmet({
contentSecurityPolicy: false,
})
);
app.use(helmet({ crossOriginEmbedderPolicy: false, originAgentCluster: true }));
app.use(
helmet.contentSecurityPolicy({
useDefaults: true,
directives: {
"img-src": ["'self'", "https: data: blob:"],
},
})
);
Better practice instead of setting contentSecurityPolicy to false which should be the most last option.更好的做法,而不是将 contentSecurityPolicy 设置为 false,这应该是最后一个选项。 Using the Helmet documentation helps alot.
使用Helmet 文档有很大帮助。 I used this in my app and it solves the issue very well.
我在我的应用程序中使用了它,它很好地解决了这个问题。 My app is hosted here .
我的应用程序托管在这里。 Checkout my source code here .
在这里查看我的源代码。
app.use(
helmet.contentSecurityPolicy({
useDefaults: true,
directives: {
"img-src": ["'self'", "https: data:"]
}
})
)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.