违反环境中的内容安全策略指令Ember Cli [英] Violating Content Security Policy directive in environment Ember Cli

问题描述

我已经建立了一个音乐播放器组件，其中包含了消费SoundCloud Api的音乐播放器组件。在Chrome中，我开始在我的控制台中收到此错误通知，随时播放一首歌曲我的应用程序加上歌曲没有播放。

查看错误

仅报告]拒绝连接到

所以我的问题是，我如何提供这些权限，以免违反
内容安全策略指令'connect-src'？我现在还要采取什么其他行动？

再次，问题仅在于Chrome

解决方案

为了更清楚地解决内容安全策略，并避免与更多子域进一步冲突，我建议将其更改为：

  contentSecurityPolicy：{
'connect-src'：'self'https：//*.sndcdn.com，
}，
  pre> 
I have a built a Music Player Component with ember consuming the SoundCloud Api

Suddenly in Chrome i start getting this error notification in my console anytime i play a song in my application plus the songs does not play. 

See the error



Report Only] Refused to connect to 'https://ec-media.sndcdn.com/YEqcIen0Pkq6.128.mp3?f10880d39085a94a0418a7ef69…fe493d321fb2a6a96186dcb97beab08f3cea5ad8b42d543c3edc7371f0eb5b2b00ba96395e' because it violates the following Content Security Policy directive: "connect-src 'self' data: cf-media.sndcdn.com ws://localhost:35729 ws://0.0.0.0:35729 http://0.0.0.0:4200/csp-report".

It is complaining about the "connect-src 'self' data: cf-media.sndcdn.com ws://localhost:35729 ws://0.0.0.0:35729 http://0.0.0.0:4200/csp-report".*"

This is because after bit of research i have modified in environment.js the content security policy like this
contentSecurityPolicy: {
  // 'connect-src': "'self' data: https://cf-media.sndcdn.com",
  'connect-src': "'self' data: cf-media.sndcdn.com",
},
Before my change the problem was the same and this was the console log error



So my question is, how can i give these permission in order to not violate the 
Content Security Policy directive for 'connect-src'? What other action have i to take now?

Again the problem is only in Chrome
解决方案
To more clearly address the content security policy and avoid further conflicts with more subdomains, I suggest changing it to be:
contentSecurityPolicy: {
    'connect-src': "'self' https://*.sndcdn.com",
},


                        
这篇关于违反环境中的内容安全策略指令Ember Cli的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！