内容安全策略错误https://ssl.gstatic.com [英] Content-Security-Policy error https://ssl.gstatic.com

问题描述

我在以下屏幕截图中捕获到错误:

I am getting an error as captured in the screenshot below:

它显示为:

拒绝将字符串评估为JavaScript，因为在以下内容安全策略指令中不允许使用'unsafe-eval'脚本源:"default-src文件:data:chrome-extension:

Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src file: data: chrome-extension: https://ssl.gstatic.com". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.

我在做什么错，我该如何解决 Content-Security-Policy 错误?

What am I doing wrong and how can I resolve the Content-Security-Policy error?

下面是我的index.html中的元标记:

Below is my meta-tag in, in my index.html:

<meta http-equiv="Content-Security-Policy" 
    content="default-src * 'self' 'unsafe-eval' 'unsafe-inline' 
    data: ssl.gstatic.com https://ssl.gstatic.com; 
    style-src * 'self' 'unsafe-inline' 
    chrome-extension: ssl.gstatic.com; 
    script-src * 'unsafe-inline' 'unsafe-eval' 'self' 
    chrome-extension: file: data: http: https: ssl.gstatic.com
 https://ssl.gstatic.com">

我正在将CCA与Onsen UI结合使用.

I'm using CCA with Onsen UI.

推荐答案

您的问题被标记为Google Chrome应用问题.

Your question is tagged as a Google Chrome App question.

Chrome应用程序要遵循非常具体的CSP ，并且不能覆盖 strong>.

Chrome Apps are subject to a very specific CSP and cannot override it.

default-src 'self';
connect-src *;
style-src 'self' data: chrome-extension-resource: 'unsafe-inline';
img-src 'self' data: chrome-extension-resource:;
frame-src 'self' data: chrome-extension-resource:;
font-src 'self' data: chrome-extension-resource:;
media-src *;

您的Chrome应用只能引用应用中的脚本和对象，媒体文件除外(应用可以引用包外部的视频和音频). Chrome扩展程序可让您放宽默认的内容安全政策； 不会使用Chrome应用.

然后，该文档将继续提供有用的如何..."部分 .看看它，看看什么适合您的需求.

The documentation then proceeds to have a helpful "How do I.." section. Take a look at it and see what fits your needs.

这篇关于内容安全策略错误https://ssl.gstatic.com的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！