内容安全政策阻止了对*：//www.google.com/recaptcha/api的请求 [英] Content security policy blocking requests to *://www.google.com/recaptcha/api

问题描述

鉴于此链接，
似乎是内联脚本，例如用于通过

In light of this link , it would seem inline scripts such as are used for inserting a recaptcha object in the page, via

<script type="text/javascript"
     src="http://www.google.com/recaptcha/api/challenge?k=your_public_key">
</script>
<noscript>
<iframe src="http://www.google.com/recaptcha/api/noscript?k=your_public_key"
     height="300" width="500" frameborder="0"></iframe><br>
<textarea name="recaptcha_challenge_field" rows="3" cols="40">
</textarea>
<input type="hidden" name="recaptcha_response_field"
     value="manual_challenge">
</noscript>

或通过

 <script type="text/javascript" src="http://www.google.com/recaptcha/api/js/recaptcha_ajax.js"></script>

与

Recaptcha.create("your_public_key",
"element_id",
{
  theme: "red",
  callback: Recaptcha.focus_response_field
}

）;

我总是会有些抱怨关于内容安全政策，尽管我的manifest.json显然允许使用 http：/ /www.google.com/recaptcha/api/js/recaptcha_ajax.js

I always get some complaint about the content security policy, despite my manifest.json apparently allowing urls' like http://www.google.com/recaptcha/api/js/recaptcha_ajax.js

我是不是真的遗漏了一些东西，使整个问题变得疯狂？

Am I missing something really obvious that makes this whole question crazy?

推荐答案

我为此花了两个小时。对我来说，我也想在这个示例中，问题出在 src 属性中；即在 http：中。更改引用如下：

I just spent two hours fighting with this. For me, and I think for this example as well, the problem lies in the src attribute; that is, in the http:. Changing the references as follows:

<script type="text/javascript" 
     src="https://www.google.com/recaptcha/api/challenge?k=your_public_key">
              ^  v
<iframe src="https://www.google.com/recaptcha/api/noscript?k=
     height="300" width="500" frameborder="0"></iframe>

基本上解决了该问题。使用不安全的连接访问google api，默认情况下某些浏览器（例如Chrome）不会呈现不安全的内容。

fixed the problem. Basically, you're attempting to access the google api with an unsecure connection, and certain browsers (e.g., Chrome) don't render insecure content by default.

这篇关于内容安全政策阻止了对*：//www.google.com/recaptcha/api的请求的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！