I have the following JS file locally:
<script type="text/javascript" src="js/jquery-1.11.1.min.js"></script>
Running my Cordova PhoneGap application in Ripple throws the following error:
jquery.mobile-1.4.5.min.js:3 Refused to load the image 'data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///ywAAAAAAQABAAACAUwAOw==' because it violates the following Content Security Policy directive: "default-src * 'unsafe-eval' 'unsafe-inline'". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.
I have the following meta tag in my HTML:
<meta http-equiv="Content-Security-Policy" content="default-src * 'unsafe-eval' 'unsafe-inline'">
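How can I prevent the (CSP) violation error from being thrown? Is there any fix?
Edit: Adding the ajax.googleapis URL to the meta tag helped remove most of the CSP errors: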
<meta http-equiv="Content-Security-Policy" content="default-src * 'unsafe-eval' https://ajax.googleapis.com/ 'unsafe-inline'">
But I still have a few like the following:
Refused to load the font 'data:font/woff;base64,d09GRgABAAAAAI3gABIAAAABRWQAAQABAAAAAAAAAAAAAAAAAAAAA…IwnaGGIYHBlUELLMKwH6htK8MUhmKGIAYjqCImVEUgs1mBOtm1gRYpuNZmSrgAALqcEVgAAAA=' because it violates the following Content Security Policy directive: "default-src * 'unsafe-eval' https://ajax.googleapis.com/ 'unsafe-inline'". Note that 'font-src' was not explicitly set, so 'default-src' is used as a fallback.
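The source of the error is: http://localhost:3000/#&ui-state=dialog
But I believe this is not a big problem, because I think the Ripple Emulator is causing this error.
Answer 0 (score: 5)
Add to the Content Security directive: img-src 'self' data:;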
<meta http-equiv="Content-Security-Policy" content="default-src * 'unsafe-eval' 'unsafe-inline'; img-src 'self' data:">
This is according to the syntax in the CSP specification.
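The fallback behaviour reported in the error messages above, as an added example that is not part of the original question or answer: a simplified model of how a browser picks the governing directive and why `*` does not cover `data:` URLs. The function names are assumptions made for illustration, and the matcher handles only the `data:` case.

```javascript
// Added example: simplified CSP evaluation for data: URLs only.
// Policies copied from the question and from the answer on this page.
const QUESTION_POLICY = "default-src * 'unsafe-eval' 'unsafe-inline'";
const ANSWER_POLICY =
  "default-src * 'unsafe-eval' 'unsafe-inline'; img-src 'self' data:";

// Parse a policy string into a Map of directive name -> source list.
function parsePolicy(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored; the first occurrence wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Pick the directive that governs a fetch type ('img-src', 'font-src', ...),
// falling back to default-src when the specific one is not set.
function effectiveDirective(directives, fetchDirective) {
  if (directives.has(fetchDirective)) return fetchDirective;
  return directives.has('default-src') ? 'default-src' : null;
}

// Decide whether a data: URL may load for the given fetch directive.
// The wildcard * matches network schemes only; data: needs an explicit
// "data:" scheme-source in the governing directive.
function allowsDataUrl(policy, fetchDirective) {
  const directives = parsePolicy(policy);
  const via = effectiveDirective(directives, fetchDirective);
  if (via === null) return { allowed: true, via: null }; // nothing restricts it
  const sources = directives.get(via).map((s) => s.toLowerCase());
  return { allowed: sources.includes('data:'), via };
}

// Report each case: the image error, the fix, and the font case.
for (const [label, policy, type] of [
  ['question / image', QUESTION_POLICY, 'img-src'],
  ['answer / image', ANSWER_POLICY, 'img-src'],
  ['answer / font', ANSWER_POLICY, 'font-src'],
]) {
  const r = allowsDataUrl(policy, type);
  console.log(`${label}: ${r.allowed ? 'allowed' : 'refused'} via ${r.via}`);
}
```

Under the answer's policy the `data:` font from the question is still governed by `default-src`, so it stays refused unless a `font-src` directive that lists `data:` is added as well.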