拒绝加载图像'<url> ' 因为它违反了以下内容安全策略指令:“img-src 'self' data:”</url>
[英]Refused to load the image '<URL>' because it violates the following Content Security Policy directive: "img-src 'self' data:"
问题描述
after i uploaded my website on herokuy the images do not working and it gave me that error
在我将我的网站上传到 herokuy 后,图像无法正常工作,这给了我这个错误
Refused to load the image '' because it violates the following Content Security Policy directive: "img-src 'self' data:".拒绝加载图像'',因为它违反了以下内容安全策略指令:“img-src 'self' data:”。
i have tried somethings like我尝试过类似的东西
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; font-src data:" />
that but it does not work also但它也不起作用
3 个解决方案
解决方案1
2 2021-06-20 18:53:36
This disables the contentSecurityPolicy middleware but keeps the rest:这将禁用contentSecurityPolicy中间件,但保留 rest:
app.use(
helmet({
contentSecurityPolicy: false,
})
);
解决方案2
2 2022-05-21 13:33:36
app.use(helmet({ crossOriginEmbedderPolicy: false, originAgentCluster: true }));
app.use(
helmet.contentSecurityPolicy({
useDefaults: true,
directives: {
"img-src": ["'self'", "https: data: blob:"],
},
})
);
解决方案3
1 2021-12-31 13:02:55
Better practice instead of setting contentSecurityPolicy to false which should be the most last option.更好的做法,而不是将 contentSecurityPolicy 设置为 false,这应该是最后一个选项。 Using the Helmet documentation helps alot.使用Helmet 文档有很大帮助。 I used this in my app and it solves the issue very well.我在我的应用程序中使用了它,它很好地解决了这个问题。 My app is hosted here .我的应用程序托管在这里。 Checkout my source code here . 在这里查看我的源代码。
app.use(
helmet.contentSecurityPolicy({
useDefaults: true,
directives: {
"img-src": ["'self'", "https: data:"]
}
})
)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.