如何在 Windows 通用应用程序中设置内容安全策略 [英] How to set Content Security Policy in Windows Universal apps
问题描述
我什至不知道这是否是我需要的,但经过几天 MSDN 论坛帖子 完全没有答案 我想我会试一试在 SO.
I don't even know if that's what I need, but after several days of this MSDN Forum post with no answers at all I thought I'd give a shot in SO.
我的问题:我有许多 Windows 8.1 和 Windows Phone 8.1 HTML/Javascripts 应用程序在 <head> 中有一个小的 每个 html 页面.我开始将我的应用程序作为单个通用 Windows 应用程序迁移到 Windows 10,但出现以下错误:<script> 句子;
My problem: I have many Windows 8.1 and Windows Phone 8.1 HTML/Javascripts apps that have a little <script> sentence in the <head> of every html page. I started migrating my apps to Windows 10 as a single Universal Windows app but I get the following error:
CSP14312: Resource violated directive 'script-src ms-appx: data: 'unsafe-eval'' in Host Defined Policy: inline script. Resource will be blocked
当然,什么都没有被执行……我错过了什么吗?
and of course, nothing gets executed... am I missing anything?
要重现,只需使用 VS2015 RC 创建一个空白的 Windows 通用应用程序并添加
edit: To repro just create a blank Windows Universal app with VS2015 RC and add
<script>
console.log('hello');
</script>
就在 head 标签关闭之前
right before the head tag closes
推荐答案
Rob 说得对,默认情况下你不能在 ms-appx:/// 协议中使用内联脚本.这是应用程序的默认协议,并且具有不允许内联脚本的默认 CSP 策略.
Rob has it right, by default you can't have inline script in ms-appx:/// protocol. This is the default protocol for an application and has a default CSP policy that doesn't allow inline script.
如果您真的希望使用内联脚本,您可以通过 ms-appx-web:/// 协议导航到没有默认 CSP 策略的内容.
If you really wish to use inline script you can navigate to the content via ms-appx-web:/// protocol where there is no default CSP policy.
需要注意的是,您无权访问此协议中的某些功能.
The one note is that you do not have access to some capabilities in this protocol.
除了 Rob 所说的之外,我唯一的区别是您很可能希望像这样设置应用程序内容 URI 规则 (ACUR)
The only difference I have beyond what Rob said is that you most likely want to set the Application Content URI Rule (ACUR) like this
<uap:ApplicationContentUriRules>
<uap:Rule Type="include" Match ="ms-appx-web:///" WindowsRuntimeAccess="all"/>
</uap:ApplicationContentUriRules>
要导航到您的内容,您可以将清单中的 StartPage 设置为 ms-appx-web:///default.html
To navigate to your content you can set the StartPage in the manifest to ms-appx-web:///default.html
这篇关于如何在 Windows 通用应用程序中设置内容安全策略的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
