内容安全政策阻止了对*://www.google.com/recaptcha/api的请求 [英] Content security policy blocking requests to *://www.google.com/recaptcha/api
问题描述
鉴于此链接,
似乎是内联脚本,例如用于通过
In light of this link , it would seem inline scripts such as are used for inserting a recaptcha object in the page, via
<script type="text/javascript"
src="http://www.google.com/recaptcha/api/challenge?k=your_public_key">
</script>
<noscript>
<iframe src="http://www.google.com/recaptcha/api/noscript?k=your_public_key"
height="300" width="500" frameborder="0"></iframe><br>
<textarea name="recaptcha_challenge_field" rows="3" cols="40">
</textarea>
<input type="hidden" name="recaptcha_response_field"
value="manual_challenge">
</noscript>
或通过
<script type="text/javascript" src="http://www.google.com/recaptcha/api/js/recaptcha_ajax.js"></script>
与
Recaptcha.create("your_public_key",
"element_id",
{
theme: "red",
callback: Recaptcha.focus_response_field
}
);
我总是会有些抱怨关于内容安全政策,尽管我的manifest.json显然允许使用 http:/ /www.google.com/recaptcha/api/js/recaptcha_ajax.js
I always get some complaint about the content security policy, despite my manifest.json apparently allowing urls' like http://www.google.com/recaptcha/api/js/recaptcha_ajax.js
我是不是真的遗漏了一些东西,使整个问题变得疯狂?
Am I missing something really obvious that makes this whole question crazy?
推荐答案
我为此花了两个小时。对我来说,我也想在这个示例中,问题出在 src
属性中;即在 http:
中。更改引用如下:
I just spent two hours fighting with this. For me, and I think for this example as well, the problem lies in the src
attribute; that is, in the http:
. Changing the references as follows:
<script type="text/javascript"
src="https://www.google.com/recaptcha/api/challenge?k=your_public_key">
^ v
<iframe src="https://www.google.com/recaptcha/api/noscript?k=
height="300" width="500" frameborder="0"></iframe>
基本上解决了该问题。使用不安全的连接访问google api,默认情况下某些浏览器(例如Chrome)不会呈现不安全的内容。
fixed the problem. Basically, you're attempting to access the google api with an unsecure connection, and certain browsers (e.g., Chrome) don't render insecure content by default.
这篇关于内容安全政策阻止了对*://www.google.com/recaptcha/api的请求的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!