因为它违反了以下内容安全策略指令:“script-src 'self' blob:”。 请注意,'script-src-elem' 没有明确设置,
[英]because it violates the following Content Security Policy directive: "script-src 'self' blob:". Note that 'script-src-elem' was not explicitly set,
问题描述
I have been following, the Node.js, Express, MongoDB & More: The Complete Bootcamp 2022 by Jonas on Udemy.
我一直在关注Node.js、Express、MongoDB 等:Jonas 在 Udemy 上的完整训练营 2022 。 He has used Mapbox in lecture 187 and Axios in 189. I have tried every possible solution on the net but the following are the problems that I have faced:他在第 187 课中使用了 Mapbox,在第 189 课中使用了 Axios。我在网上尝试了所有可能的解决方案,但以下是我遇到的问题:
From lecture 187: Maps are not displayed the following error is thrown by the browser: GET https://api.mapbox.com/mapbox-gl-js/v0.54.0/mapbox-gl.css net::ERR_BLOCKED_BY_RESPONSE.NotSameOriginAfterDefaultedToSameOriginByCoep 200.从第 187 讲:不显示地图,浏览器抛出以下错误:GET https://api.mapbox.com/mapbox-gl-js/v0.54.0/mapbox-gl.css net::ERR_BLOCKED_BY_RESPONSE.NotSameOriginAfterDefaultedToSameOriginByCoep 200 .
Here is a ss of the code that I have tried but it's still not working: Click to see ss这是我尝试过但仍然无法正常工作的代码的ss:点击查看ss
From lecture 189: Refused to load the script 'https://cdnjs.cloudflare.com/ajax/libs/axios/1.0.0-alpha.1/axios.min.js' because it violates the following Content Security Policy directive: "script-src 'self' blob:".来自第 189 课:拒绝加载脚本“https://cdnjs.cloudflare.com/ajax/libs/axios/1.0.0-alpha.1/axios.min.js”,因为它违反了以下内容安全策略指令: “脚本-src 'self' blob:”。 Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.请注意,'script-src-elem' 没有明确设置,因此 'script-src' 用作后备。 Here is a look at the code that I have tried Click to see image这是我尝试过的代码点击查看图片
2 个解决方案
解决方案1
0 2022-06-28 06:21:39
Hope you are doing well.希望你一切顺利。
Your application isn't configured to execute Cross-Origin resources and for that reason, the Mapbox stylesheet you are trying to use from an external source is getting blocked.您的应用程序未配置为执行跨域资源,因此,您尝试从外部源使用的 Mapbox 样式表被阻止。 In order to solve it, just include crossorigin='anonymous' after the link.为了解决它,只需在链接后包含crossorigin='anonymous' 。 Like this way-像这样——
<link href='https://api.mapbox.com/mapbox-gl-js/v2.9.1/mapbox-gl.css' rel='stylesheet' crossorigin='anonymous'>
Hope this will help!希望这会有所帮助!
Another issue that you have mentioned with Axios, is mostly the same as the first issue.您在 Axios 中提到的另一个问题与第一个问题基本相同。 Since you are trying to use the CDN link, the HTTP security policy defined for the application isn't allowing it.由于您尝试使用 CDN 链接,因此为应用程序定义的 HTTP 安全策略不允许它。 If you are using the Helmet Package then place the following code accordingly-如果您使用的是头盔包,请相应地放置以下代码 -
app.use(helmet({ contentSecurityPolicy: { useDefaults: true, directives: { 'script-src': ["'self'", "https://cdnjs.cloudflare.com/"] } } }) );
Let me know if that helps!让我知道这是否有帮助! 😊 😊
解决方案2
0 2022-07-10 18:43:54
I am taking the same course with Jonas.我正在和乔纳斯上同样的课程。 And After a lot of failed attempted solutions, I finally make it to work.在尝试了很多失败的解决方案之后,我终于让它工作了。 What I did:我做了什么:
- I installed the package using npm:我使用 npm 安装了这个包:
npm install mapbox-gl --save npm install mapbox-gl --save
- in the mapbox.js file I added at the top a require:在 mapbox.js 文件中,我在顶部添加了一个要求:
var mapboxgl = require('mapbox-gl/dist/mapbox-gl.js'); var mapboxgl = require('mapbox-gl/dist/mapbox-gl.js');
- finally in order to be able to use the mapbox style, I added below the 'block append head' :最后为了能够使用 mapbox 样式,我在 'block append head' 下面添加了:
link(href='https://api.mapbox.com/mapbox-gl-js/v2.9.1/mapbox-gl.css' rel='stylesheet' crossorigin='anonymous')链接(href='https://api.mapbox.com/mapbox-gl-js/v2.9.1/mapbox-gl.css' rel='stylesheet' crossorigin='anonymous')
Hope this works for you also.希望这也适用于你。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.