'img-src' 未明确设置,因此使用 'default-src' 作为后备 [英] 'img-src' was not explicitly set, so 'default-src' is used as a fallback
问题描述
这是我在 index.html
<meta http-equiv="Content-Security-Policy" content="default-src 'self' http://example.com">
现在我动态设置 <img id="updateProfilePicPreview" class="profilPicPreview" src=""/>
的 img src 为
Now i am dynamically setting img src of <img id="updateProfilePicPreview" class="profilPicPreview" src="" />
as
var smallImage = document.getElementById('updateProfilePicPreview');
smallImage.style.display = 'block';
smallImage.src = "data:image/jpeg;base64," + imageData;
显示
拒绝加载图像 '数据:图像/JPEG; BASE64,/9J/4AAQSkZJRgABAQAAAQABAAD/2wBDACgcHiMeGSgjISMtKygw ... P + TB/yaKKAIi2TSfjRRVCJFOyIk96rE5NFFDGgoooqBhRRRQA9elIDg5oopgIc + lFFFAH/2Q ==',因为它违反以下内容安全策略指示:默认-SRC自我"http://example.com".请注意,'img-src' 未明确设置,因此使用 'default-src' 作为后备.
Refused to load the image 'data:image/jpeg;base64,/9j/4AAQSkZJRgABAQAAAQABAAD/2wBDACgcHiMeGSgjISMtKygw…p+tB/yaKKAIi2TSfjRRVCJFOyIk96rE5NFFDGgoooqBhRRRQA9elIDg5oopgIc+lFFFAH/2Q==' because it violates the following Content Security Policy directive: "default-src 'self' http://example.com". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.
那么我如何启用动态设置 img
src ?
So how can i enable setting img
src dynamically ?
我正在关注科尔多瓦页面上的这个例子:
I was following this example from cordova page:
var pictureSource; // picture source
var destinationType; // sets the format of returned value
// Wait for device API libraries to load
//
document.addEventListener("deviceready",onDeviceReady,false);
// device APIs are available
//
function onDeviceReady() {
pictureSource=navigator.camera.PictureSourceType;
destinationType=navigator.camera.DestinationType;
}
// Called when a photo is successfully retrieved
//
function onPhotoDataSuccess(imageData) {
// Uncomment to view the base64-encoded image data
// console.log(imageData);
// Get image handle
//
var smallImage = document.getElementById('smallImage');
// Unhide image elements
//
smallImage.style.display = 'block';
// Show the captured photo
// The in-line CSS rules are used to resize the image
//
smallImage.src = "data:image/jpeg;base64," + imageData;
}
// Called when a photo is successfully retrieved
//
function onPhotoURISuccess(imageURI) {
// Uncomment to view the image file URI
// console.log(imageURI);
// Get image handle
//
var largeImage = document.getElementById('largeImage');
// Unhide image elements
//
largeImage.style.display = 'block';
// Show the captured photo
// The in-line CSS rules are used to resize the image
//
largeImage.src = imageURI;
}
// A button will call this function
//
function capturePhoto() {
// Take picture using device camera and retrieve image as base64-encoded string
navigator.camera.getPicture(onPhotoDataSuccess, onFail, { quality: 50,
destinationType: destinationType.DATA_URL });
}
// A button will call this function
//
function capturePhotoEdit() {
// Take picture using device camera, allow edit, and retrieve image as base64-encoded string
navigator.camera.getPicture(onPhotoDataSuccess, onFail, { quality: 20, allowEdit: true,
destinationType: destinationType.DATA_URL });
}
// A button will call this function
//
function getPhoto(source) {
// Retrieve image file location from specified source
navigator.camera.getPicture(onPhotoURISuccess, onFail, { quality: 50,
destinationType: destinationType.FILE_URI,
sourceType: source });
}
// Called if something bad happens.
//
function onFail(message) {
alert('Failed because: ' + message);
}
推荐答案
那么我怎样才能动态设置 img src 呢?
So how can i enable setting img src dynamically ?
问题不是设置src,问题是设置src为data:scheme URI.
The problem is not setting the src, the problem is setting the src to a data: scheme URI.
将 data:
添加到内容安全政策允许的内容列表中.对于 default-src,或者您可以定义一个单独的 img-src.
Add data:
to the list of things allowed by the content security policy. Either for the default-src or you could define a separate img-src.
在下面的示例中,我将 img-src 'self' data:;
添加到 index.html 文件中元标记的开头.
In the example below, I have added img-src 'self' data:;
to the start of the meta tag in the index.html file.
<meta http-equiv="Content-Security-Policy" content="img-src 'self' data:; default-src 'self' http://XX.XX.XX.XX:8084/mypp/">
这篇关于'img-src' 未明确设置,因此使用 'default-src' 作为后备的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!