Cordova错误:拒绝执行内联脚本,因为它违反了以下“内容安全策略"指令 [英] Cordova error: Refused to execute inline script because it violates the following Content Security Policy directive

查看:207
本文介绍了Cordova错误:拒绝执行内联脚本,因为它违反了以下“内容安全策略"指令的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我正在学习将Cordova与jquery mobile一起使用,并且出现以下错误:

I'm learning to use Cordova with jquery mobile and I have the following error:

拒绝执行内联脚本,因为它违反了以下内容安全策略指令:"default-src'self'数据:间隙: https://ssl.gstatic.com 'unsafe-eval'".要启用内联执行,要么使用关键字"unsafe-inline",要么使用哈希("sha256-iacGaS9lJJpFDLww4DKQsrDPQ2lxppM2d2GGnzCeKkU =")或随机数("nonce -...").另请注意,未明确设置"script-src",因此将"default-src"用作后备.

Refused to execute inline script because it violates the following Content Security Policy directive: "default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval'". Either the 'unsafe-inline' keyword, a hash ('sha256-iacGaS9lJJpFDLww4DKQsrDPQ2lxppM2d2GGnzCeKkU='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.

我的代码如下:

    <!DOCTYPE html> 
<html>
    <head>
        <meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval'; style-src 'self' 'unsafe-inline'; media-src *; img-src 'self' data: content:;">
        <meta name="format-detection" content="telephone=no">
        <meta name="msapplication-tap-highlight" content="no">
        <meta name="viewport" content="user-scalable=no, initial-scale=1, maximum-scale=1, minimum-scale=1, width=device-width">
        <link rel="stylesheet" type="text/css" href="css/index.css">
        <title>Hello World</title>
        <script> 
            $(document).ready(function()
            { 
                $("#tryit").click(function() {   
                    document.getElementById("msg").innerHTML = "hello";
                });

            }); 
        </script>
    </head>
    <body> 
        <button id="tryit">Try it</button>
        <div id="msg"></div>

        <script type="text/javascript" src="cordova.js"></script>
        <script type="text/javascript" src="js/index.js"></script>
    </body>
</html>

在课堂上,我这样写:

cordova create hello2 com.example.hello2 hello2
cordova platform add android
cordova build 

我认为这与 "cordova-plugin-whitelist" 有关 ,但我不知道如何卸载NPM

I think it has to do with "cordova-plugin-whitelist" , but I don't know how to uninstall the NPM

推荐答案

您需要在内容安全政策中添加不安全内联";要么是default-src,要么是使用script-src的Java语言.因此,尝试以下操作:

You need to add 'unsafe-inline' to the Content-Security-Policy; either to the default-src or explicitly for Javascript using script-src. So try something like:

<meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; media-src *; img-src 'self' data: content:;">

这篇关于Cordova错误:拒绝执行内联脚本,因为它违反了以下“内容安全策略"指令的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆