内容安全策略错误https://ssl.gstatic.com [英] Content-Security-Policy error https://ssl.gstatic.com
问题描述
我在以下屏幕截图中捕获到错误:
I am getting an error as captured in the screenshot below:
它显示为:
拒绝将字符串评估为JavaScript,因为在以下内容安全策略指令中不允许使用'unsafe-eval'脚本源:"default-src文件:data:chrome-extension:
Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src file: data: chrome-extension: https://ssl.gstatic.com". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
我在做什么错,我该如何解决 Content-Security-Policy 错误?
What am I doing wrong and how can I resolve the Content-Security-Policy error?
下面是我的index.html中的元标记:
Below is my meta-tag in, in my index.html:
<meta http-equiv="Content-Security-Policy"
content="default-src * 'self' 'unsafe-eval' 'unsafe-inline'
data: ssl.gstatic.com https://ssl.gstatic.com;
style-src * 'self' 'unsafe-inline'
chrome-extension: ssl.gstatic.com;
script-src * 'unsafe-inline' 'unsafe-eval' 'self'
chrome-extension: file: data: http: https: ssl.gstatic.com
https://ssl.gstatic.com">
我正在将CCA与Onsen UI结合使用.
I'm using CCA with Onsen UI.
推荐答案
您的问题被标记为Google Chrome应用问题.
Your question is tagged as a Google Chrome App question.
Chrome应用程序要遵循非常具体的CSP ,并且不能覆盖 strong>.
Chrome Apps are subject to a very specific CSP and cannot override it.
default-src 'self';
connect-src *;
style-src 'self' data: chrome-extension-resource: 'unsafe-inline';
img-src 'self' data: chrome-extension-resource:;
frame-src 'self' data: chrome-extension-resource:;
font-src 'self' data: chrome-extension-resource:;
media-src *;
您的Chrome应用只能引用应用中的脚本和对象,媒体文件除外(应用可以引用包外部的视频和音频). Chrome扩展程序可让您放宽默认的内容安全政策; 不会使用Chrome应用.
然后,该文档将继续提供有用的如何..."部分 .看看它,看看什么适合您的需求.
The documentation then proceeds to have a helpful "How do I.." section. Take a look at it and see what fits your needs.
这篇关于内容安全策略错误https://ssl.gstatic.com的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!