如何在Windows Universal应用程序中设置内容安全策略 [英] How to set Content Security Policy in Windows Universal apps
问题描述
我甚至不知道这是否是我需要的,但经过几天的这一次 MSDN论坛帖子根本没有回答我以为我会给出一个镜头在SO中。
I don't even know if that's what I need, but after several days of this MSDN Forum post with no answers at all I thought I'd give a shot in SO.
我的问题:我有很多Windows 8.1和Windows Phone 8.1 HTML / Javascripts应用程序有点< script>
每个html页面的< head>
中的句子。我开始将我的应用程序迁移到Windows 10作为单个通用Windows应用程序,但是我收到以下错误:
My problem: I have many Windows 8.1 and Windows Phone 8.1 HTML/Javascripts apps that have a little <script>
sentence in the <head>
of every html page. I started migrating my apps to Windows 10 as a single Universal Windows app but I get the following error:
CSP14312: Resource violated directive 'script-src ms-appx: data: 'unsafe-eval'' in Host Defined Policy: inline script. Resource will be blocked
当然,没有任何东西被执行......我错过了什么?
and of course, nothing gets executed... am I missing anything?
编辑要重新创建一个带VS2015 RC的空白Windows通用应用并添加
edit: To repro just create a blank Windows Universal app with VS2015 RC and add
<script>
console.log('hello');
</script>
推荐答案
Rob说得对,默认情况下你不能在 ms-appx:/// 协议中使用内联脚本。这是应用程序的默认协议,并且具有不允许内联脚本的默认CSP策略。
Rob has it right, by default you can't have inline script in ms-appx:/// protocol. This is the default protocol for an application and has a default CSP policy that doesn't allow inline script.
如果您确实希望使用内联脚本,则可以导航到内容通过 ms-appx-web:/// 协议,其中没有默认的CSP政策。
If you really wish to use inline script you can navigate to the content via ms-appx-web:/// protocol where there is no default CSP policy.
一个注意事项是你没有可以访问此协议中的某些功能。
The one note is that you do not have access to some capabilities in this protocol.
除了Rob所说的,我唯一的区别是你最有可能想要设置应用程序内容URI规则(ACUR)这个
The only difference I have beyond what Rob said is that you most likely want to set the Application Content URI Rule (ACUR) like this
<uap:ApplicationContentUriRules>
<uap:Rule Type="include" Match ="ms-appx-web:///" WindowsRuntimeAccess="all"/>
</uap:ApplicationContentUriRules>
要导航到您的内容,您可以将清单中的StartPage设置为 ms-appx- web:///default.html
To navigate to your content you can set the StartPage in the manifest to ms-appx-web:///default.html
这篇关于如何在Windows Universal应用程序中设置内容安全策略的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!