因为它违反了以下内容安全策略指令:“style-src'self'”。 [英] because it violates the following Content Security Policy directive: "style-src 'self'"
问题描述
这是一个只有twitter bootstrap js的非交互式页面。
< HEAD>
< title>版本:unknown bl version vs. 1.0.487 [flavor:HISTORIC_TIME]< / title>
< link rel =stylesheethref =https://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/css/bootstrap.min.css>
< link rel =stylesheethref =https://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/css/bootstrap-theme.min.css>
< script type =scriptsrc =https://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/js/bootstrap.min.js>< / script>
< meta content =text / html; charset = utf-8http-equiv =content-type>
< / head>
我在stackoverflow上看到一些帖子,但无法理解如何解决这个问题。
拒绝加载样式表
'
但它并没有帮助
有什么想法吗? 试试 试试将CSP拆分为一个单独的标签并添加一个style-src引用,如下所示:
< meta http-equiv = content-typecontent =text / html; charset = utf-8;>
< meta http-equiv =Content-Security-Policycontent =script-src'self'http://onlineerp.solution.quebec'unsafe-inline' '不安全-EVAL'; style-src'self'maxcdn.bootstrapcdn.com>
这应该说你相信样式来自maxcdn.bootstrapcdn.com。
内容安全政策的绝佳解释在 http://content-security-policy.com/
I have a webpage with this header.
It's a non interactive page with just twitter bootstrap js.
<head> <title>Versions: unknown bl version vs. 1.0.487 [flavor: HISTORIC_TIME]</title> <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/css/bootstrap.min.css"> <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/css/bootstrap-theme.min.css"> <script type="script" src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/js/bootstrap.min.js"></script> <meta content="text/html; charset=utf-8" http-equiv="content-type"> <link rel="icon" href="/jenkins/view/QA/job/RoutingRegression/ws/src/main/resources/html_pages/images/favicon.png" type="image/gif" sizes="16x16"> </head>
I saw some posts on stackoverflow but couldn't understand how to fix this.
Refused to load the stylesheet 'https://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/css/bootstrap.min.css' because it violates the following Content Security Policy directive: "style-src 'self'".
landing_page.html:1 Refused to load the stylesheet 'https://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/css/bootstrap-theme.min.css' because it violates the following Content Security Policy directive: "style-src 'self'".
I tried to change the
<meta>
to<meta content="text/html; charset=utf-8 ;script-src 'self' http://onlineerp.solution.quebec 'unsafe-inline' 'unsafe-eval';" http-equiv="content-type">
but it didn't help
any idea?
解决方案Try splitting out the CSP into a separate tag and add a style-src reference, like this:
<meta http-equiv="content-type" content="text/html; charset=utf-8 ;"> <meta http-equiv="Content-Security-Policy" content="script-src 'self' http://onlineerp.solution.quebec 'unsafe-inline' 'unsafe-eval'; style-src 'self' maxcdn.bootstrapcdn.com">
This should say that you trust styles coming from maxcdn.bootstrapcdn.com.
Great explanation of Content Security Policy is at http://content-security-policy.com/
这篇关于因为它违反了以下内容安全策略指令:“style-src'self'”。的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!