[英]Content Security Policy directive: Refused to load the font
我使用angular-cli创建了一个角度项目,但是当我使用
npm start
它显示
Refused to load the font 'data:font/woff;base64,d09GRgABAAAAAGVUABEAAAAAxuQAAQABAAAAAAAAAAAAAAAAAAAAAAAAAABHREVGAAABgAAAAC4AAAA0ArgC7UdQT1MAAAGwAAAQ6AAALgxKsqRTR1NVQgAAEpgAAAH3AAAELqI5y+RPUy8yAAAUkAAAAE8AAABgaGyBu2NtYXAAABTgAAABlAAAAkQkRATXY3Z0IAAAFnQAAABeAAAAugDsQf1mcGdtAAAW1AAABZcAAAvNb3/BHGdhc3AAABxsAAAACAAAAAgAAAAQZ2x5ZgAAHHQAAEApAAB3CtbiupxoZWFkAABcoAAAADYAAAA2BkubWWhoZWEAAFzYAAAAIAAAACQHFARfaG10eAAAXPgAAAI6AAAEEk4TN4Nsb2NhAABfNAAAAhIAAAISiLhpam1heHAAAGFIAAAAIAAAACACigzgbmFtZQAAYWgAAACUAAABHhQGLdJwb3N0AABh/AAAAq4AAASRk5y6n3ByZ...QxUajCCFt4p9HP4fzdSWs2XhWl5HvJazrIrFUyB0l5dpqcW10lV2wukjMLuAvyMHNiYpgPsrCVXZDKrkpll6UWkh7kABVAFVCDe7UFmxagDegA+hLHRPbqtMo7ZHCpKdT6tPGXybzo0+RXBLoPZt1tELcXxCmAAyZwYTJvdDFZKnDER44X2451rDqCyunIsRWvLSx6wnWqwPj/uX5/KuEy6DL0z6A/Fn79VihxMFJsrlAFy4DpZOcvNlMeNp+BRDLj0r+XFdRxdSNSNxiI/AL3ojKdAAB4AWPw3sFwIihiIyNjX+QGxp0cDBwMyQUbGdictkUwWDAwsDJogTgOPN4c9iz6bMos4iysHFChUDZXJnMWTSZZJrAQt9M+YQYBBh4GTgY2kEZOoJiA0z4GBxiEiDEzuGxUYewIjNjg0BGxkTnFZaMaiLeLo4GBkcWhIzkkAqQkEggceHw5HFkM2VRZJFlYebR2MP5v3cDSu5GJwWUDW9xG1hQXAFAmKZU=' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'font-src' was not explicitly set, so 'default-src' is used as a fallback.
我读了一些SO答案,然后指出要设置CSP元标记,所以我添加了
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; font-src 'self' data: fonts.gstatic.com">
在我的index.html文件中。 但这仍然在浏览器控制台上显示相同的错误日志。 有什么帮助吗?
该项目位于目录中,该目录是https://www.visualstudio.com/上托管的git目录。
当我将此项目从git目录移至其他位置并运行时,它可以工作。 不知道是什么原因
如果在元标记中设置CSP之前遇到错误,则说明已经有一个现有的CSP。 检查文档中是否有其他元标记,或者检查HTTP响应标头。 您可以使用https://securityheaders.io/扫描您的应用程序,并查看是否设置了CSP。
注意:如果您确实在中继标记中设定了CSP,则必须将标记放在您要使用它列入白名单的任何资产之前的页面中。 <meta>标签应尽可能早地放置在页面中。
https://fonts.googleapis.com; font-src'self'https: //fonts.gstatic.com数据:;“>
^应该可以
Angular 8 拒绝加载加载图像,因为它违反了以下内容安全策略指令
[英]Angular 8 refused to load load the image because it violates the following Content Security Policy directive
拒绝加载图像,因为它违反了以下内容安全策略指令:“default-src 'none'”。 角度 8
[英]Refused to load the image because it violates the following Content Security Policy directive: "default-src 'none'". Angular 8
拒绝加载图像,因为它违反了以下内容安全策略指令(图标)
[英]Refused to load the image because it violates the following Content Security Policy directive (favicon)
角路由“拒绝加载字体”,因为它违反了以下内容安全策略”
[英]Angular routing 'Refused to load the font '…' because it violates the following Content Security Policy'
Angular + bootstrap throws error 拒绝加载图像,因为它违反了以下内容安全策略指令:“default-src 'none'”
[英]Angular + bootstrap throws error Refused to load the image because it violates the following Content Security Policy directive: “default-src 'none'”
Angular4 Content-Security-Protocol拒绝加载字体
[英]Angular4 Content-Security-Protocol Refused to load the font
错误号 angular:“拒绝执行内联脚本,因为它违反了以下内容安全策略指令:“script-src 'self'”
[英]Error no angular: "Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self'"
无法在生产中加载图像,违反内容安全策略指令:“img-src 'self' data
[英]Cannot load images on production, violates Content Security Policy directive: "img-src 'self' data
无法在重新加载页面上获取 /login Angular 8 - 拒绝加载图像“/favicon.ico”,因为它违反了以下内容安全策略
[英]Cannot GET /login on reload pages Angular 8 - Refused to load the image '/favicon.ico' because it violates the following Content Security Policy
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.