部署React/Express应用后出现内容安全策略错误 [英] Getting content security policy error after deploying react/express app

问题描述

我在heroku上部署了一个react/express应用，当我访问此处时，我得到了此错误'拒绝加载图像' https://nameless-sands-37753.herokuapp.com/favicon.ico "，因为它违反了以下内容安全政策指令:"default-src'none'".请注意，未明确设置"img-src"，因此将"default-src"用作后备.这是我尝试过的:

I deployed a react/express app to heroku and when going to here I get this error 'Refused to load the image 'https://nameless-sands-37753.herokuapp.com/favicon.ico' because it violates the following Content Security Policy directive: "default-src 'none'". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.'. Here's what I tried:

• 将此添加到manifest.json:"content_security_policy":"default-src'self'https://nameless-sands-37753.herokuapp.com/"
• 将此添加到我的server.js

if (process.env.NODE_ENV === "production") {
  app.use("/voleo/", express.static("client/build"));
  app.use(helmet.contentSecurityPolicy({
    directives: {
      defaultSrc: ["'self'"],
      styleSrc: ["'self'"],
      imgSrc: ["'self"]
    }
  }))

  app.get("*", (req, res) => {
    res.sendfile(path.resolve(__dirname, "client", "build", "index.html"));
  });
}

• 删除了faveicon.ico

• 添加了此标签:< meta http-equiv ="Content-Security-Policy" content ="default-src *; style-src'self'https://*'unsafe-inline'; script-src'self'https://*'unsafe-inline''unsafe-eval'; img-src'self'https://*"/>

  仍然不确定我在做什么错.建议非常感激.

  Still not sure what I'm doing wrong. Advice much appreciated.

  推荐答案

  对该问题的更一般的答案是按如下方式检查终端中的heroku日志:

  The more general answer to the problem would be to check heroku logs in terminal as follows:

  heroku logs -n 500 
  

  (选择要记录的行数)或

  (choose the number of lines to log) OR

  heroku logs --tail 
  

  (对于实时日志，但我发现第一个命令更有效)

  (for live logs, but I found the 1st command to be more effective)

  在该处，您将看到导致应用无法正确呈现的确切错误.

  In there you will see the exact error that prevents the app from properly rendering.

  这篇关于部署React/Express应用后出现内容安全策略错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！