[英]Content Security Policy issue when using auth0 with heroku
我试图让 auth0 与 heroku 一起工作,但遇到了一些困难。
我可以让它毫无问题地在本地工作,但它不能与 Heroku 一起工作
我的设置:React 应用程序从 express 中作为静态资源作为服务器
auth0 提供程序的代码:
const providerConfig = {
domain: process.env.AUTH0_DOMAIN,
clientId: process.env.AUTH0_CLIENT_ID,
redirectUri: window.location.origin,
};
ReactDOM.render(
<Auth0Provider {...providerConfig}>
<BrowserRouter history={history}>
<App />
</BrowserRouter>
</Auth0Provider>,
document.getElementById("root")
);
我尝试登录时遇到的错误:
Refused to connect to 'https://small-dust-7659.eu.auth0.com/oauth/token' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback.
非常感谢任何帮助,谢谢!
问题与头盔配置有关..
我将 auth0 域添加到 connectSrc 并解决了问题
helmet({
contentSecurityPolicy: {
directives: {
defaultSrc: ["'self'"],
objectSrc: ["'none'"],
scriptSrc: ["'self'", "unpkg.com", "polyfill.io"],
styleSrc: ["'self'", "https: 'unsafe-inline'"],
----> connectSrc: ["'self'", "xxxxxx.eu.auth0.com"],
upgradeInsecureRequests: [],
},
},
});
使用Auth0注销时Heroku“returnTo”查询字符串参数错误
[英]Heroku "returnTo" querystring parameter error on logout using Auth0
获取“违反以下内容安全策略指令:”default-src 'none'”。将 Angular 应用程序部署到 heroku 时出错
[英]Getting a "violates the following Content Security Policy directive: "default-src 'none'". error when deploying an angular app to heroku
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.