禁用内容安全策略 [英] disabling Content Security Policy
问题描述
当我在开发网站时,我经常希望看到某个特定功能在网站上的外观。所以我转到chrome开发人员工具并经常运行一些javascript脚本。
When I'm working with developing a website, I often would like to see how a specific feature would look on a website. So I go to the chrome developer tools and often run some javascript scripts.
我经常发现由于内容安全策略(CSP)而导致某些脚本无法运行的问题为了防止跨站点脚本,我完全理解。
I often find the issue that some scripts can not run because of the Content Security Policy (CSP), which I completely understand for purposes of protecting against cross site scripting.
问题:因为我在页面上用开发者控制台测试功能在我的浏览器客户端上为我加载,我想知道是否有一种方法可以在加载后禁用该特定页面的CSP?可能在源代码中的某个地方有inspect元素,或者在开发人员控制台的某些设置中。
QUESTION: Since I am testing features with the developers console on a page that is loaded for me on my browser client, I was wondering if there was a way to disable the CSP for that specific page after it has loaded? Possibly somewhere in the source code with inspect element, or in some settings part of the developer console.
推荐答案
我不一定保证最好的方法,但有一个自担风险扩展可用于禁用CSP: https://chrome.google.com/webstore/detail/disable-content-security/ieelmcmcagommplceebfedjlakkhpden?hl=en 。快速搜索chrome google群组( https: //groups.google.com/a/chromium.org/forum/#!topic/chromium-discuss/TZaaNTPOqt0 )表示仅使用开发人员工具没有本地方法来执行此操作。
I can't necessarily vouch for the best way to do that, but there is a use at own risk extension available for disabling CSP: https://chrome.google.com/webstore/detail/disable-content-security/ieelmcmcagommplceebfedjlakkhpden?hl=en. A quick search on the chrome google group (https://groups.google.com/a/chromium.org/forum/#!topic/chromium-discuss/TZaaNTPOqt0) indicates that there is not a native way to do this using only the developer tools.
这篇关于禁用内容安全策略的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
