拒绝加载脚本,因为它违反了以下“内容安全策略"指令:"style-src'self''unsafe-inline' [英] Refused to load the script because it violates the following Content Security Policy directive: "style-src 'self' 'unsafe-inline'

查看:3505
本文介绍了拒绝加载脚本,因为它违反了以下“内容安全策略"指令:"style-src'self''unsafe-inline'的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

当我的代码在发布模式下运行时,我正在使用MVC6(asp.net 5)使用angular并尝试从CDN位置加载脚本,但是由于某些原因,脚本从未加载.

I am using MVC6 (asp.net 5) using angular and trying to load scripts from CDN locations when my code is running in release mode, but for some reason the scripts NEVER load.

我已阅读到您需要在HTML文件中添加一个meta标签,就像这样.

I have read that you need to add a meta tag to your HTML file, which I have done, like so.

<meta http-equiv="Content-Security-Policy" content="default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; style-src 'self' https://ajax.aspnetcdn.com; font-src 'self' http://netdna.bootstrapcdn.com" />

在我的Index.cshtml上,我已经知道了.

And on my Index.cshtml, I have got this.

<environment names="Staging,Production">
    <script src="https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.4.8/angular.min.js"
        asp-fallback-src="~/lib/angular/angular.min.js"
        asp-fallback-test="window.angular">
    </script>
    <script src="https://cdnjs.cloudflare.com/ajax/libs/angular-ui-router/0.2.15/angular-ui-router.min.js"
        asp-fallback-src="~/lib/angular-ui-router/release/angular-ui-router.js"
        asp-fallback-test="window.angular && window.angularUiRouter">
    </script>
    <script src="https://cdnjs.cloudflare.com/ajax/libs/angular-local-storage/0.2.2/angular-local-storage.min.js"
        asp-fallback-src="~/lib/angular-local-storage/dist/angular-local-storage.js"
        asp-fallback-test="window.angular && window.localStorage">
    </script>

但是它们从不加载.我尝试使用IISExpress和DNX Web命令运行代码.

But they never load. I have tried running the code using IISExpress and also using the DNX Web command.

我有这篇帖子,这就是我创建META的方法标签,但不确定为什么它不起作用.我已经在Chrome浏览器中尝试过此操作,并且在控制台下,我只会收到类似的错误

I have this post which is how I come to creating the META tag, but not sure why it's not working. I have tried this in Chrome, and under the console, I just get errors like so

推荐答案

在网页标题部分中放置以下内容:

Put the following in the web page header section:

<meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://cdnjs.cloudflare.com ">

有关内容安全政策的更多详细信息,您可以在此处此处.

More details about Content Security Policy you can read here and here.

这篇关于拒绝加载脚本,因为它违反了以下“内容安全策略"指令:"style-src'self''unsafe-inline'的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
C#/.NET最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆