Play Framework无法运行内联JavaScript [英] Play Framework won't run inline javascript
问题描述
我正在尝试使用play框架2.6和scala设置一个简单的应用程序,但似乎无法在html模板上运行内联javascript.我不断收到错误消息:
I am trying to set up a simple application using the play framework 2.6 and scala and I can't seem to run inline javascript off my html templates. I keep getting the error:
拒绝执行内联脚本,因为它违反了以下内容安全策略指令:"default-src'self'".要么使用'unsafe-inline'关键字,要么使用一个哈希('sha256-DdH/amfJizOgk2xZ + Xst5j13qHxPYrrrfT6x/TzfYiA =')或一个随机数('nonce -...')来启用内联执行.另请注意,未明确设置"script-src",因此将"default-src"用作后备.
Refused to execute inline script because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-DdH/amfJizOgk2xZ+Xst5j13qHxPYrrrfT6x/TzfYiA='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
我的Scala代码是:
My scala code is:
package controllers
import javax.inject._
import play.api._
import play.api.mvc._
import play.twirl.api.Html
class HomeController @Inject()(cc: ControllerComponents) extends
AbstractController(cc) {
def index() = Action { implicit request: Request[AnyContent] =>
Ok(views.html.main("Hello World"))
}
}
我的html.main.html文件如下所示:
And my html.main.html file looks like:
@(title: String)
<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="Content-Security-Policy" content="default-src 'self'">
<title>@title</title>
<link rel="stylesheet" media="screen"
href="@routes.Assets.versioned("stylesheets/main.css")">
<link rel="shortcut icon" type="image/png"
href="@routes.Assets.versioned("images/favicon.png")">
</head>
<body>
<script type = "text/javascript">
document.write("Check");
</script>
<script src = "@routes.Assets.versioned("javascripts/main.js")" type =
"text/javascript"></script>
</body>
</html>
因此,理想情况下,当我通过本地主机连接时,它应该在屏幕上打印检查".我尝试将application.conf文件更改为
So ideally it should print "Check" on the screen when I connect by the local host. I tried changing my application.conf file to be
play.filters.headers.contentSecurityPolicy = null
但是那也不起作用.我还能尝试什么?
But that didn't work either. What else can I try?
推荐答案
The
play.filters.headers.contentSecurityPolicy = null
是正确的,现在删除
<meta http-equiv="Content-Security-Policy" content="default-src 'self'">
然后它必须按预期工作
这篇关于Play Framework无法运行内联JavaScript的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!