Question

尝试在Meteor中使用Sir Trevor JS上传图片，但获得：

Refused to load the image 'blob:http%3A//localhost%3A3000/a28ef7dc-ee51-4290-9941-6b8fc317e685' 
because it violates the following Content Security Policy directive: 
"img-src data: 'self' http://*.googleapis.com https://*.googleapis.com
http://*.gstatic.com https://*.gstatic.com http://*.bootstrapcdn.com 
https://*.bootstrapcdn.com http://*.facebook.com https://*.facebook.com 
http://*.fbcdn-profile-a.akamaihd.net https://*.fbcdn-profile-a.akamaihd.net 
blob://*.localhost".

我使用浏览器政策包，不知道如何接受此网址。我尝试了很多不同的政策，但无法让它发挥作用。例子：

BrowserPolicy.content.allowDataUrl("blob://*.localhost:3000");
BrowserPolicy.content.allowOriginForAll("blob:*.localhost:3000/");
BrowserPolicy.content.allowOriginForAll("blob:*.localhost:3000");
BrowserPolicy.content.allowImgUrlForAll();
BrowserPolicy.content.allowSameOriginForAll();

有什么想法吗？

Answer 1

奥基，

这实际上解决了这个问题：

BrowserPolicy.content.allowOriginForAll('blob:');

虽然不是很安全。

找到它here

Answer 2

我也使用Meteor-Files包来解决这个问题。我能够将browser-policy-content包的克隆添加到我的本地项目，并将'worker-src'添加到资源对象（在browser-policy-content.js中）：

var resources = [
    { methodResource: "Script", directive: "script-src" },
    { methodResource: "Object", directive: "object-src" },
    { methodResource: "Image", directive: "img-src" },
    { methodResource: "Media", directive: "media-src" },
    { methodResource: "Font", directive: "font-src" },
    { methodResource: "Connect", directive: "connect-src" },
    { methodResource: "Style", directive: "style-src" },
    { methodResource: "Frame", directive: "frame-src" },
    { methodResource: "FrameAncestors", directive: "frame-ancestors" }, 
    { methodResource: 'WorkerSource', directive: 'worker-src' }//added this!
];

然后我可以将以下内容添加到我的startup.js：

BrowserPolicy.content.allowWorkerSourceBlobUrl('localhost');

Meteor浏览器策略：允许上传图像

2 个答案: