拒绝加载脚本,因为它违反了以下“内容安全策略"指令:"style-src'self''unsafe-inline' [英] Refused to load the script because it violates the following Content Security Policy directive: "style-src 'self' 'unsafe-inline'
问题描述
当我的代码在发布模式下运行时,我正在使用MVC6(asp.net 5)使用angular并尝试从CDN位置加载脚本,但是由于某些原因,脚本从未加载.
I am using MVC6 (asp.net 5) using angular and trying to load scripts from CDN locations when my code is running in release mode, but for some reason the scripts NEVER load.
我已阅读到您需要在HTML文件中添加一个meta标签,就像这样.
I have read that you need to add a meta tag to your HTML file, which I have done, like so.
<meta http-equiv="Content-Security-Policy" content="default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; style-src 'self' https://ajax.aspnetcdn.com; font-src 'self' http://netdna.bootstrapcdn.com" />
在我的Index.cshtml上,我已经知道了.
And on my Index.cshtml, I have got this.
<environment names="Staging,Production">
<script src="https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.4.8/angular.min.js"
asp-fallback-src="~/lib/angular/angular.min.js"
asp-fallback-test="window.angular">
</script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/angular-ui-router/0.2.15/angular-ui-router.min.js"
asp-fallback-src="~/lib/angular-ui-router/release/angular-ui-router.js"
asp-fallback-test="window.angular && window.angularUiRouter">
</script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/angular-local-storage/0.2.2/angular-local-storage.min.js"
asp-fallback-src="~/lib/angular-local-storage/dist/angular-local-storage.js"
asp-fallback-test="window.angular && window.localStorage">
</script>
但是它们从不加载.我尝试使用IISExpress和DNX Web
命令运行代码.
But they never load. I have tried running the code using IISExpress and also using the DNX Web
command.
我有这篇帖子,这就是我创建META的方法标签,但不确定为什么它不起作用.我已经在Chrome浏览器中尝试过此操作,并且在控制台下,我只会收到类似的错误
I have this post which is how I come to creating the META tag, but not sure why it's not working. I have tried this in Chrome, and under the console, I just get errors like so
推荐答案
在网页标题部分中放置以下内容:
Put the following in the web page header section:
<meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://cdnjs.cloudflare.com ">
More details about Content Security Policy you can read here and here.
这篇关于拒绝加载脚本,因为它违反了以下“内容安全策略"指令:"style-src'self''unsafe-inline'的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!