Refused to execute inline script because it violates the following Content Security Policy directive: "default-src 'self'"
Refused to load * because it appears in neither the img-src directive nor the default-src directive of the Content Security Policy
In my index.html page, I set:
<meta http-equiv="Content-Security-Policy" content="default-src *; img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *">
and also tried:
<meta http-equiv="Content-Security-Policy" content="default-src *; img-src * data: https:; script-src 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' *">
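This is in a React application. I resolved the error with this meta tag on both the development and production builds. However, when I deploy it on AWS, I get the CSP error again. The static production build is served by S3. The problem only occurs in Safari.
Full error: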
Refused to load data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPHN2ZyB3aWR0aD0iMTNweCIgaGVpZ2h0PSIxN3B4IiB2aWV3Qm94PSIwIDAgMTMgMTciIHZlcnNpb249IjEuMSIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxuczp4bGluaz0iaHR0cDovL3d3dy53My5vcmcvMTk5OS94bGluayI+CiAgICA8IS0tIEdlbmVyYXRvcjogU2tldGNoIDQzLjIgKDM5MDY5KSAtIGh0dHA6Ly93d3cuYm9oZW1pYW5jb2RpbmcuY29tL3NrZXRjaCAtLT4KICAgIDx0aXRsZT5fQXNzZXRzL0lubGluZS9Ta2lwQmFjazE1PC90aXRsZT4KICAgIDxkZXNjPkNyZWF0ZWQgd2l0aCBTa2V0Y2guPC9kZXNjPgogICAgPGRlZnM+PC9kZ...wwLjk5MDQ3ODUxNiBDOCwwLjcxNTA1NzM3MyA3LjgwMTUwNDAyLDAuNTk5MjQ3OTg5IDcuNTU2NjQ2ODIsMC43MjE2NzY1ODggTDUsMiBMNSwwLjk5MDQ3ODUxNiBDNSwwLjcxNTA1NzM3MyA0LjgwMTUwNDAyLDAuNTk5MjQ3OTg5IDQuNTU2NjQ2ODIsMC43MjE2NzY1ODggTDEuNDQzMzUzMTgsMi4yNzgzMjM0MSBDMS4xOTI5MjgzMSwyLjQwMzUzNTg0IDEuMTk4NDk1OTgsMi41OTkyNDc5OSAxLjQ0MzM1MzE4LDIuNzIxNjc2NTkgTDQuNTU2NjQ2ODIsNC4yNzgzMjM0MSBDNC44MDcwNzE2OSw0LjQwMzUzNTg0IDUsNC4yODA0MDUyOSA1LDQuMDA5NTIxNDggTDUsMyBaIiBpZD0iQ29tYmluZWQtU2hhcGUiPjwvcGF0aD4KICAgICAgICA8L2c+CiAgICA8L2c+Cjwvc3ZnPg== because it appears in neither the img-src directive nor the default-src directive of the Content Security Policy
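It looks like Safari doesn't allow you to override the Content-Security-Policy with a meta tag, at least if it is already present in the HTTP headers. I removed the meta tag and updated the HTTP header, and that got me past the error.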
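
An added example, not part of the original post: a simplified model of how a browser decides an image load when a policy arrives both in an HTTP header and in a meta tag. Each policy is enforced on its own and the load must pass all of them, so a permissive meta tag cannot loosen a stricter header. The header value `default-src 'self'` is an assumption (the post does not show the header that was served), and the origin and data: URL are constructed.

```javascript
// Added example: a simplified CSP check for image loads, not a full implementation.
const NETWORK_SCHEMES = ['http:', 'https:'];

// Parse "name src src; name src" into a Map; a repeated directive is ignored.
function parsePolicy(text) {
  const policy = new Map();
  for (const part of text.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name && !policy.has(name.toLowerCase())) policy.set(name.toLowerCase(), sources);
  }
  return policy;
}

// Handles only *, 'self', scheme sources (data:) and exact host sources.
function sourceMatches(source, url, origin) {
  const u = new URL(url);
  // The wildcard covers network schemes only, so "*" never allows data: URLs.
  if (source === '*') return NETWORK_SCHEMES.includes(u.protocol);
  if (source === "'self'") return u.origin === origin;
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return u.protocol === source.toLowerCase();
  return u.host === source.toLowerCase();
}

// img-src governs images; default-src is the fallback when img-src is absent.
function imageAllowedBy(policyText, url, origin) {
  const policy = parsePolicy(policyText);
  const sources = policy.get('img-src') ?? policy.get('default-src');
  return sources === undefined || sources.some((s) => sourceMatches(s, url, origin));
}

// Every delivered policy (header and meta) is enforced; the load must pass all.
function imageAllowed(policies, url, origin) {
  return policies.every((p) => imageAllowedBy(p, url, origin));
}

// Constructed sample input.
const ORIGIN = 'https://app.example';
const DATA_IMAGE = 'data:image/svg+xml;base64,PHN2Zy8+';
const META_POLICY = "default-src *; img-src * 'self' data: https:; " +
  "script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *";
const ASSUMED_HEADER = "default-src 'self'"; // assumption, not from the page
const FIXED_HEADER = "default-src 'self'; img-src 'self' data:";

console.log('meta only     :', imageAllowed([META_POLICY], DATA_IMAGE, ORIGIN));
console.log('header + meta :', imageAllowed([ASSUMED_HEADER, META_POLICY], DATA_IMAGE, ORIGIN));
console.log('fixed header  :', imageAllowed([FIXED_HEADER], DATA_IMAGE, ORIGIN));
```

To see which policy is actually in force on a deployment, check the `Content-Security-Policy` response header in the browser's network panel before editing the meta tag.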