内容安全策略指令:拒绝加载字体 [英] Content Security Policy directive: Refused to load the font
问题描述
我使用angular-cli创建了一个有角度的项目,但是当我使用
启动该项目时, npm start
它显示
拒绝加载字体数据:字体/ WOFF; BASE64,d09GRgABAAAAAGVUABEAAAAAxuQAAQABAAAAAAAAAAAAAAAAAAAAAAAAAABHREVGAAABgAAAAC4AAAA0ArgC7UdQT1MAAAGwAAAQ6AAALgxKsqRTR1NVQgAAEpgAAAH3AAAELqI5y + RPUy8yAAAUkAAAAE8AAABgaGyBu2NtYXAAABTgAAABlAAAAkQkRATXY3Z0IAAAFnQAAABeAAAAugDsQf1mcGdtAAAW1AAABZcAAAvNb3 / BHGdhc3AAABxsAAAACAAAAAgAAAAQZ2x5ZgAAHHQAAEApAAB3CtbiupxoZWFkAABcoAAAADYAAAA2BkubWWhoZWEAAFzYAAAAIAAAACQHFARfaG10eAAAXPgAAAI6AAAEEk4TN4Nsb2NhAABfNAAAAhIAAAISiLhpam1heHAAAGFIAAAAIAAAACACigzgbmFtZQAAYWgAAACUAAABHhQGLdJwb3N0AABh / AAAAq4AAASRk5y6n3ByZ ... QxUajCCFt4p9HP4fzdSWs2XhWl5HvJazrIrFUyB0l5dpqcW10lV2wukjMLuAvyMHNiYpgPsrCVXZDKrkpll6UWkh7kABVAFVCDe7UFmxagDegA + hLHRPbqtMo7ZHCpKdT6tPGXybzo0 + RXBLoPZt1tELcXxCmAAyZwYTJvdDFZKnDER44X2451rDqCyunIsRWvLSx6wnWqwPj / uX5 / KuEy6DL0z6A / Fn79VihxMFJsrlAFy4DpZOcvNlMeNp + BRDLj0r + XFdRxdSNSNxiI / AL3ojKdAAB4AWPw3sFwIihiIyNjX + QGxp0cDBwMyQUbGdictkUwWDAwsDJogTgOPN4c9iz6bMos4iysHFChUDZXJnMWTSZZJrAQt9M + YQYBBh4GTgY2kEZOoJiA0z4GBxiEiDEzuGxUYewIjNjg0BGxkTnFZaMaiLeLo4GBkcWhIzkkAqQkEggceHw5HFkM2VRZJFlYebR2MP5v3cDSu5GJwWUDW9xG1hQXAFAmKZU =,因为它违反了以下内容安全政策指令:默认-src的自我。请注意,未明确设置 font-src,因此将 default-src用作备用。
我读了一些SO答案,然后指出要设置CSP元标记,所以我添加了
< meta http-equiv = Content-Security-Policy content = default-src'self'; font-src 自身数据:fonts.gstatic.com>我的 index.html 文件中的
。但这仍然在浏览器控制台上显示相同的错误日志。有帮助吗?
该项目位于一个目录中,该目录是 作品。我不知道是什么原因? 如果在设置meta标签中的CSP之前遇到错误那么已经有一个现有的CSP。检查文档中是否有其他元标记,或者检查HTTP响应标头。您可以使用 https://securityheaders.io/ 扫描您的应用程序,以查看是否有CSP集。 / p> 注意:如果您确实在meta标签中设置了CSP,则需要将该标签放置在之前页面中,以便将任何要使用白名单的资产它。 I created a angular project using angular-cli but when I start this project using it is showing I read some SO answers then got the point that I need to set CSP meta tag so I added in my index.html file. But this is still showing the same error logs on browser console. Any help? This project is in a directory which is a git directory hosted on https://www.visualstudio.com/. when I move this project from this git directory to somewhere else and run, It works. I don't know what is the reason? If you were getting the error before you set the CSP in a meta tag then there is already an existing CSP in place. Check for other meta tags in the document or check the HTTP response header. You can use https://securityheaders.io/ to scan your application and see if there is a CSP set. Note: If you do set CSP in a meta tag the tag needs to be placed into the page prior to any asset you want to whitelist using it. The 这篇关于内容安全策略指令:拒绝加载字体的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
< meta> 标记应尽可能早地放置在页面中。npm start
Refused to load the font 'data:font/woff;base64,d09GRgABAAAAAGVUABEAAAAAxuQAAQABAAAAAAAAAAAAAAAAAAAAAAAAAABHREVGAAABgAAAAC4AAAA0ArgC7UdQT1MAAAGwAAAQ6AAALgxKsqRTR1NVQgAAEpgAAAH3AAAELqI5y+RPUy8yAAAUkAAAAE8AAABgaGyBu2NtYXAAABTgAAABlAAAAkQkRATXY3Z0IAAAFnQAAABeAAAAugDsQf1mcGdtAAAW1AAABZcAAAvNb3/BHGdhc3AAABxsAAAACAAAAAgAAAAQZ2x5ZgAAHHQAAEApAAB3CtbiupxoZWFkAABcoAAAADYAAAA2BkubWWhoZWEAAFzYAAAAIAAAACQHFARfaG10eAAAXPgAAAI6AAAEEk4TN4Nsb2NhAABfNAAAAhIAAAISiLhpam1heHAAAGFIAAAAIAAAACACigzgbmFtZQAAYWgAAACUAAABHhQGLdJwb3N0AABh/AAAAq4AAASRk5y6n3ByZ...QxUajCCFt4p9HP4fzdSWs2XhWl5HvJazrIrFUyB0l5dpqcW10lV2wukjMLuAvyMHNiYpgPsrCVXZDKrkpll6UWkh7kABVAFVCDe7UFmxagDegA+hLHRPbqtMo7ZHCpKdT6tPGXybzo0+RXBLoPZt1tELcXxCmAAyZwYTJvdDFZKnDER44X2451rDqCyunIsRWvLSx6wnWqwPj/uX5/KuEy6DL0z6A/Fn79VihxMFJsrlAFy4DpZOcvNlMeNp+BRDLj0r+XFdRxdSNSNxiI/AL3ojKdAAB4AWPw3sFwIihiIyNjX+QGxp0cDBwMyQUbGdictkUwWDAwsDJogTgOPN4c9iz6bMos4iysHFChUDZXJnMWTSZZJrAQt9M+YQYBBh4GTgY2kEZOoJiA0z4GBxiEiDEzuGxUYewIjNjg0BGxkTnFZaMaiLeLo4GBkcWhIzkkAqQkEggceHw5HFkM2VRZJFlYebR2MP5v3cDSu5GJwWUDW9xG1hQXAFAmKZU=' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'font-src' was not explicitly set, so 'default-src' is used as a fallback.
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; font-src 'self' data: fonts.gstatic.com">
<meta> tag should be placed as early in the page as possible.
