以下是Content-Security-Policy
index.html
<meta http-equiv="Content-Security-Policy" content="default-src 'self' http://example.com">
现在我动态设置<img id="updateProfilePicPreview" class="profilPicPreview" src="" />的img src为
var smallImage = document.getElementById('updateProfilePicPreview');
smallImage.style.display = 'block';
smallImage.src = "data:image/jpeg;base64," + imageData;
显示
拒绝加载图片'data:image / jpeg; base64,/ 9j / 4AAQSkZJRgABAQAAAQABAAD / 2wBDACgcHiMeGSgjISMtKygw ... p + tB / yaKKAIi2TSfjRRVCJFOyIk96rE5NFFDGgoooqBhRRRQA9elIDg5oopgIc + lFFFAH / 2Q =='因为它违反了以下内容安全策略指令:“default-src '自我'http://example.com“。请注意,'img-src'未明确设置,因此'default-src'用作后备。
那么如何动态设置img src?
我在cordova页面上关注这个例子:
var pictureSource; // picture source
var destinationType; // sets the format of returned value
// Wait for device API libraries to load
//
document.addEventListener("deviceready",onDeviceReady,false);
// device APIs are available
//
function onDeviceReady() {
pictureSource=navigator.camera.PictureSourceType;
destinationType=navigator.camera.DestinationType;
}
// Called when a photo is successfully retrieved
//
function onPhotoDataSuccess(imageData) {
// Uncomment to view the base64-encoded image data
// console.log(imageData);
// Get image handle
//
var smallImage = document.getElementById('smallImage');
// Unhide image elements
//
smallImage.style.display = 'block';
// Show the captured photo
// The in-line CSS rules are used to resize the image
//
smallImage.src = "data:image/jpeg;base64," + imageData;
}
// Called when a photo is successfully retrieved
//
function onPhotoURISuccess(imageURI) {
// Uncomment to view the image file URI
// console.log(imageURI);
// Get image handle
//
var largeImage = document.getElementById('largeImage');
// Unhide image elements
//
largeImage.style.display = 'block';
// Show the captured photo
// The in-line CSS rules are used to resize the image
//
largeImage.src = imageURI;
}
// A button will call this function
//
function capturePhoto() {
// Take picture using device camera and retrieve image as base64-encoded string
navigator.camera.getPicture(onPhotoDataSuccess, onFail, { quality: 50,
destinationType: destinationType.DATA_URL });
}
// A button will call this function
//
function capturePhotoEdit() {
// Take picture using device camera, allow edit, and retrieve image as base64-encoded string
navigator.camera.getPicture(onPhotoDataSuccess, onFail, { quality: 20, allowEdit: true,
destinationType: destinationType.DATA_URL });
}
// A button will call this function
//
function getPhoto(source) {
// Retrieve image file location from specified source
navigator.camera.getPicture(onPhotoURISuccess, onFail, { quality: 50,
destinationType: destinationType.FILE_URI,
sourceType: source });
}
// Called if something bad happens.
//
function onFail(message) {
alert('Failed because: ' + message);
}
答案 0 :(得分:55)
那我怎样才能动态设置img src?
问题是没有设置src,问题是将src设置为data:scheme URI。
将data:添加到content security policy允许的内容列表中。对于default-src或者你可以定义一个单独的img-src。
在下面的示例中,我已将img-src 'self' data:;添加到index.html文件中元标记的开头。
<meta http-equiv="Content-Security-Policy" content="img-src 'self' data:; default-src 'self' http://XX.XX.XX.XX:8084/mypp/">