Play Framework无法运行内联JavaScript [英] Play Framework won't run inline javascript

问题描述

我正在尝试使用play框架2.6和scala设置一个简单的应用程序，但似乎无法在html模板上运行内联javascript.我不断收到错误消息:

I am trying to set up a simple application using the play framework 2.6 and scala and I can't seem to run inline javascript off my html templates. I keep getting the error:

拒绝执行内联脚本，因为它违反了以下内容安全策略指令:"default-src'self'".要么使用'unsafe-inline'关键字，要么使用一个哈希('sha256-DdH/amfJizOgk2xZ + Xst5j13qHxPYrrrfT6x/TzfYiA =')或一个随机数('nonce -...')来启用内联执行.另请注意，未明确设置"script-src"，因此将"default-src"用作后备.

Refused to execute inline script because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-DdH/amfJizOgk2xZ+Xst5j13qHxPYrrrfT6x/TzfYiA='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.

我的Scala代码是:

My scala code is:

package controllers
import javax.inject._
import play.api._
import play.api.mvc._
import play.twirl.api.Html
class HomeController @Inject()(cc: ControllerComponents) extends 
AbstractController(cc) {

def index() = Action { implicit request: Request[AnyContent] =>
  Ok(views.html.main("Hello World"))
}
}

我的html.main.html文件如下所示:

And my html.main.html file looks like:

@(title: String)

<!DOCTYPE html>
<html lang="en">
    <head>
        <meta http-equiv="Content-Security-Policy" content="default-src 'self'">
        <title>@title</title>
        <link rel="stylesheet" media="screen" 
href="@routes.Assets.versioned("stylesheets/main.css")">
        <link rel="shortcut icon" type="image/png" 
href="@routes.Assets.versioned("images/favicon.png")">

    </head>
    <body>
        <script type = "text/javascript">
            document.write("Check");
        </script>

        <script src = "@routes.Assets.versioned("javascripts/main.js")" type = 
"text/javascript"></script>
    </body>
</html>

因此，理想情况下，当我通过本地主机连接时，它应该在屏幕上打印检查".我尝试将application.conf文件更改为

So ideally it should print "Check" on the screen when I connect by the local host. I tried changing my application.conf file to be

play.filters.headers.contentSecurityPolicy = null

但是那也不起作用.我还能尝试什么?

But that didn't work either. What else can I try?

推荐答案

The

play.filters.headers.contentSecurityPolicy = null

是正确的，现在删除

<meta http-equiv="Content-Security-Policy" content="default-src 'self'">

然后它必须按预期工作

这篇关于Play Framework无法运行内联JavaScript的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！