[英]Local jquery.js file causing Content Security Policy (CSP) violation errors
我在本地有以下js文件;
<script type="text/javascript" src="js/jquery-1.11.1.min.js"></script>
在Ripple中運行我的Cordova Phonegap應用程序會引發以下錯誤;
jquery.mobile-1.4.5.min.js:3 Refused to load the image 'data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///ywAAAAAAQABAAACAUwAOw==' because it violates the following Content Security Policy directive: "default-src * 'unsafe-eval' 'unsafe-inline'". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.
我在html中有以下元數據;
<meta http-equiv="Content-Security-Policy" content="default-src * 'unsafe-eval' 'unsafe-inline'">
如何防止引發(CSP)違規錯誤? 可以解決嗎?
編輯:將ajax.googleapis網址添加到元數據中有助於消除大多數CSP錯誤;
<meta http-equiv="Content-Security-Policy" content="default-src * 'unsafe-eval' https://ajax.googleapis.com/ 'unsafe-inline'">
但是我仍然有一些類似下面的內容:
Refused to load the font 'data:font/woff;base64,d09GRgABAAAAAI3gABIAAAABRWQAAQABAAAAAAAAAAAAAAAAAAAAA…IwnaGGIYHBlUELLMKwH6htK8MUhmKGIAYjqCImVEUgs1mBOtm1gRYpuNZmSrgAALqcEVgAAAA=' because it violates the following Content Security Policy directive: "default-src * 'unsafe-eval' https://ajax.googleapis.com/ 'unsafe-inline'". Note that 'font-src' was not explicitly set, so 'default-src' is used as a fallback.
錯誤的來源是: http:// localhost:3000 /#&ui-state = dialog
但是我認為這沒什么大不了的,因為我認為這是導致該錯誤的Ripple Emulator。
添加到內容安全性指令:img-src'self'數據:;
<meta http-equiv="Content-Security-Policy" content="default-src * 'unsafe-eval' 'unsafe-inline'; img-src 'self' data:">
這是根據CSP規范中的語法
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.