违反以下内容安全策略指令 [英] Violates the following Content Security Policy directive

问题描述

当我将图像上传到Web应用程序时，它显示以下错误

When I upload an image into my web application, it is showing the below error

拒绝加载图像'< ; URL> ，因为它违反了以下内容安全策略指令： default-src * data：'unsafe-eval''unsafe-inline'''。请注意，未明确设置 img-src，因此将 default-src用作备用。

Refused to load the image ' <URL> because it violates the following Content Security Policy directive: "default-src * data: 'unsafe-eval' 'unsafe-inline'". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.

我尝试通过以下方法解决此错误：使用以下代码

I try to solve this error by using the following code

  <meta http-equiv="Content-Security-Policy" content="default-src *; img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *">
  <meta charset="utf-8">
  <meta http-equiv="X-UA-Compatible" content="IE=edge">

但是它不起作用。我该如何解决此问题？

But it is not working. How can I fix this problem?

推荐答案

我不确定您为什么使用 *。我使用的是类似的东西，但是我的meta标记看起来像这样，对我来说效果很好：

I am not sure why you are using an "*". I am using a similar kind of stuff, but my meta tag looks something like this and it works fine for me:

<meta http-equiv="Content-Security-Policy" content="default-src 'none'; connect-src 'self';font-src 'self'; img-src 'self' data: https:; style-src 'self' ; script-src 'self'">

这篇关于违反以下内容安全策略指令的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！