
Refused to apply inline style and image 'data:image/svg+xml;base64,PD94bWwgd because it violates the following Content Security Policy directive:

I am using Google Material Design Lite https://getmdl.io/ self-hosted with Identity Server 4.

In layout.chtml I have the code below:

<head>
    <meta charset="utf-8"/>
    <meta http-equiv="Content-Security-Policy" content="default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *; img-src 'self' data:*">
    <link rel="stylesheet" href="~/lib/mdl/material.min.css">
    <script src="~/lib/mdl/material.min.js"></script>
    <link rel="stylesheet" href="~/lib/mdl/mdl-fonts-css.css"/>
</head>

ASP.NET Core middleware:

            csp.AllowScripts.FromSelf();
            csp.AllowStyles.FromSelf();
            csp.AllowFonts.FromAnywhere();
            csp.AllowImages.FromAnywhere();
        });

The problem is with the lines below:

<script src="~/lib/mdl/material.min.js"></script>
<div class="mdl-card mdl-shadow--2dp" style="width: 100% !important;">

As I understand from the error, I can't use inline CSS, but I want to use inline CSS in some places.

Error:

Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-c2d5qa05NGXcgHRIBMvdmXcUZeZvdQK1bXt65QKaVnM='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.
textfield.js:236 Refused to load the image 'data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiIHN0YW5kYWxvbmU9Im5vIj8+CjxzdmcKICAgeG1sbnM6ZGM9Imh0dHA6Ly9wdXJsLm9yZy9kYy9lbGVtZW50cy8xLjEvIgogICB4bWxuczpjYz0iaHR0cDovL2NyZWF0aXZlY29tbW9ucy5vcmcvbnMjIgogICB4bWxuczpyZGY9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkvMDIvMjItcmRmLXN5bnRheC1ucyMiCiAgIHhtbG5zOnN2Zz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciCiAgIHhtbG5zPSJodHRwOi8vd3d3LnczbGU9ImZpbGw6IzAwMDAwMDtmaWxsLW9wYWNpdHk6MTtzdHJva2U6bm9uZSIgLz4KPC9zdmc+Cg==' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.

L.init @ snackbar.js:73
L @ snackbar.js:73
a @ material.min.js:8
n @ material.min.js:8
_ @ material.min.js:8
(anonymous) @ material.min.js:8
load (async)
(anonymous) @ material.min.js:8
(anonymous) @ snackbar.js:73
textfield.js:236 Refused to load the image 'data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiIHN0YW5kYWxvbmU9Im5vIj8+CjxzdmcKICAgeG1sbnM6ZGM9Imh0dHA6Ly9wdXJsLm9yZy9kYy9lbGVtZW50cy8xLjEvIgogICB4bWxuczpjYz0iaHR0cDovL2NyZWF0aXZlY29tbW9ucy5vcmcvbnMjIgogICB4bWxuczpyZGY9Imh0dHA6Ly93d3d2lkdGg9IjEiCiAgICAgaGVpZ2h0PSIxIgogICAgIHg9IjAiCiAgICAgeT0iMCIKICAgICBjbGlwLXBhdGg9InVybCgjY2xpcCkiCiAgICAgc3R5bGU9ImZpbGw6IzAwMDAwMDtmaWxsLW9wYWNpdHk6MTtzdHJva2U6bm9uZSIgLz4KPC9zdmc+Cg==' because it violates the following Content Security Policy directive: "img-src 'self' data:*".

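From the network tab I can see that ~/lib/mdl/material.min.js loaded successfully.

Some links I followed, but they did not help:

Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self'" modernizr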

https://forum.ionicframework.com/t/refuse-to-load-the-image-svg-issue-with-search-bar-icons/47234

The Content Security Policy for img-src should be 'self' data: (including the colon but without the asterisk).
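
The answer's fix, as an added example that is not part of the original post or of any library's code: a simplified JavaScript model of CSP source matching that shows why `data:*` does not cover the `data:` scheme, and why the header policy `default-src 'self'` quoted in the console errors still blocks the image and the inline style once the meta tag is corrected. `SELF`, `SVG` and `HEADER_FIXED` are constructed values; nonces, hashes and wildcard subdomains are not modelled.

```javascript
// Simplified model of CSP source matching (not a full CSP Level 3 implementation).
const NETWORK = ['http:', 'https:', 'ws:', 'wss:'];

// "name src src; name src" -> Map(name -> [sources]); first occurrence of a directive wins.
function parsePolicy(text) {
  const policy = new Map();
  for (const part of text.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name && !policy.has(name.toLowerCase())) policy.set(name.toLowerCase(), sources);
  }
  return policy;
}

function sourceMatches(source, url, selfOrigin) {
  const u = new URL(url);
  if (source === "'self'") return u.origin === selfOrigin;
  if (source === '*') return NETWORK.includes(u.protocol);   // "*" never covers data:
  // scheme-source such as "data:" or "https:"
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return u.protocol === source.toLowerCase();
  // Anything else is a host-source: "data:*" is host "data" with any port, not the data: scheme.
  const m = /^(?:[a-z][a-z0-9+.-]*:\/\/)?([^:/]+)(?::(\*|\d+))?$/i.exec(source);
  if (!m || !NETWORK.includes(u.protocol)) return false;
  const portOk = m[2] === undefined ? u.port === '' : m[2] === '*' || m[2] === u.port;
  return m[1].toLowerCase() === u.hostname && portOk;
}

// Every delivered policy (meta tag and response header alike) must allow the action.
const passesAll = (policies, directive, ok) => policies.every(p => {
  const pol = parsePolicy(p);
  const list = pol.get(directive) ?? pol.get('default-src');  // fallback to default-src
  return list === undefined || ok(list);
});
const imageAllowed = (policies, url, selfOrigin) =>
  passesAll(policies, 'img-src', list => list.some(s => sourceMatches(s, url, selfOrigin)));
const inlineStyleAllowed = policies =>                        // nonces and hashes not modelled
  passesAll(policies, 'style-src', list => list.includes("'unsafe-inline'"));

const SELF = 'https://idp.example';                // constructed origin
const SVG = 'data:image/svg+xml;base64,PHN2Zy8+';  // constructed image: <svg/>
// Meta tag policy from the question, and the header policy named in its console errors.
const META = "default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; " +
  "style-src 'self' 'unsafe-inline' *; img-src 'self' data:*";
const HEADER = "default-src 'self'";
const META_FIXED = META.replace('data:*', 'data:');
// Constructed header policy that permits what the question asks for.
const HEADER_FIXED = "default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:";

console.log(imageAllowed([META], SVG, SELF), imageAllowed([META_FIXED, HEADER_FIXED], SVG, SELF));
```

A style hash like the one Chrome prints in the first error is a tighter alternative to `'unsafe-inline'` in the header policy.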
