如何对本地主机文件使用Content-Security-Policy [英] How to use Content-Security-Policy with localhost files
问题描述
我的页面上出现以下错误:
I am getting the following error on my page:
Refused to load the script 'http://127.0.0.1:35729/livereload.js' because it violates the following Content Security Policy directive: "script-src https: 'unsafe-inline' 'unsafe-eval'".
HTML
<meta http-equiv="Content-Security-Policy" content="default-src * 'unsafe-inline'; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *;">
</head>
<body>
<script src="http://127.0.0.1:35729/livereload.js"></script>
我试图使用完全开放只是为了使其工作然后向后工作,但是我什至
I have tried to use a completely open just to get it working and then work backwards, however I even get the same error with this.
要清楚,这不是生产代码,这只是为了在一个域上启用live-reload-webpack
To be clear, this isn't for producition code, this is just to enable my live-reload-webpack on a domain that is using https.
推荐答案
您可以使用 localhost:
使用'self'
在这种情况下也足够了。在某些奇怪的情况下, *
实际上并不包含所有内容(例如, blob:
也被排除在 *
我相信)。
You can use localhost:
, though I believe using 'self'
would also suffice in this situation. There are some odd cases where *
is not actually all-inclusive (blob:
for example is also excluded from *
I believe).
一如既往,最好使用Google的先评估者。
As always it's good to check out your CSP with Google's Evaluator first.
这篇关于如何对本地主机文件使用Content-Security-Policy的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!