如何在Windows Universal应用程序中设置内容安全策略 [英] How to set Content Security Policy in Windows Universal apps

问题描述

我甚至不知道这是否是我需要的，但经过几天的这一次 MSDN论坛帖子根本没有回答我以为我会给出一个镜头在SO中。

I don't even know if that's what I need, but after several days of this MSDN Forum post with no answers at all I thought I'd give a shot in SO.

我的问题：我有很多Windows 8.1和Windows Phone 8.1 HTML / Javascripts应用程序有点< script> 每个html页面的< head> 中的句子。我开始将我的应用程序迁移到Windows 10作为单个通用Windows应用程序，但是我收到以下错误：

My problem: I have many Windows 8.1 and Windows Phone 8.1 HTML/Javascripts apps that have a little <script> sentence in the <head> of every html page. I started migrating my apps to Windows 10 as a single Universal Windows app but I get the following error:

CSP14312: Resource violated directive 'script-src ms-appx: data: 'unsafe-eval'' in Host Defined Policy: inline script. Resource will be blocked

当然，没有任何东西被执行......我错过了什么？

and of course, nothing gets executed... am I missing anything?

编辑要重新创建一个带VS2015 RC的空白Windows通用应用并添加

edit: To repro just create a blank Windows Universal app with VS2015 RC and add

<script>
    console.log('hello');
</script>

推荐答案

Rob说得对，默认情况下你不能在 ms-appx：/// 协议中使用内联脚本。这是应用程序的默认协议，并且具有不允许内联脚本的默认CSP策略。

Rob has it right, by default you can't have inline script in ms-appx:/// protocol. This is the default protocol for an application and has a default CSP policy that doesn't allow inline script.

如果您确实希望使用内联脚本，则可以导航到内容通过 ms-appx-web：/// 协议，其中没有默认的CSP政策。

If you really wish to use inline script you can navigate to the content via ms-appx-web:/// protocol where there is no default CSP policy.

一个注意事项是你没有可以访问此协议中的某些功能。

The one note is that you do not have access to some capabilities in this protocol.

除了Rob所说的，我唯一的区别是你最有可能想要设置应用程序内容URI规则（ACUR）这个

The only difference I have beyond what Rob said is that you most likely want to set the Application Content URI Rule (ACUR) like this

<uap:ApplicationContentUriRules>
   <uap:Rule Type="include" Match ="ms-appx-web:///" WindowsRuntimeAccess="all"/>
</uap:ApplicationContentUriRules>

要导航到您的内容，您可以将清单中的StartPage设置为 ms-appx- web：///default.html

To navigate to your content you can set the StartPage in the manifest to ms-appx-web:///default.html

这篇关于如何在Windows Universal应用程序中设置内容安全策略的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！