它在Chrome控制台中显示错误。
拒绝加载字体'数据:字体/ WOFF; BASE64,d09GRgABAAAAAGVUABEAAAAAxuQAAQABAAAAAAAAAAAAAAAAAAAAAAAAAABHREVGAAABgAAAAC4AAAA0ArgC7UdQT1MAAAGwAAAQ6AAALgxKsqRTR1NVQgAAEpgAAAH3AAAELqI5y + RPUy8yAAAUkAAAAE8AAABgaGyBu2NtYXAAABTgAAABlAAAAkQkRATXY3Z0IAAAFnQAAABeAAAAugDsQf1mcGdtAAAW1AAABZcAAAvNb3 / BHGdhc3AAABxsAAAACAAAAAgAAAAQZ2x5ZgAAHHQAAEApAAB3CtbiupxoZWFkAABcoAAAADYAAAA2BkubWWhoZWEAAFzYAAAAIAAAACQHFARfaG10eAAAXPgAAAI6AAAEEk4TN4Nsb2NhAABfNAAAAhIAAAISiLhpam1heHAAAGFIAAAAIAAAACACigzgbmFtZQAAYWgAAACUAAABHhQGLdJwb3N0AABh / AAAAq4AAASRk5y6n3ByZ ... QxUajCCFt4p9HP4fzdSWs2XhWl5HvJazrIrFUyB0l5dpqcW10lV2wukjMLuAvyMHNiYpgPsrCVXZDKrkpll6UWkh7kABVAFVCDe7UFmxagDegA + hLHRPbqtMo7ZHCpKdT6tPGXybzo0 + RXBLoPZt1tELcXxCmAAyZwYTJvdDFZKnDER44X2451rDqCyunIsRWvLSx6wnWqwPj / uX5 / KuEy6DL0z6A / Fn79VihxMFJsrlAFy4DpZOcvNlMeNp + BRDLj0r + XFdRxdSNSNxiI / AL3ojKdAAB4AWPw3sFwIihiIyNjX + QGxp0cDBwMyQUbGdictkUwWDAwsDJogTgOPN4c9iz6bMos4iysHFChUDZXJnMWTSZZJrAQt9M + YQYBBh4GTgY2kEZOoJiA0z4GBxiEiDEzuGxUYewIjNjg0BGxkTnFZaMaiLeLo4GBkcWhIzkkAqQ kEggceHw5HFkM2VRZJFlYebR2MP5v3cDSu5GJwWUDW9xG1hQXAFAmKZU ='因为它违反了以下内容安全策略指令:" font-src *"。
请给我任何建议?
检查下面的错误截图 https://ibb.co/daTcyT
答案 0 :(得分:0)
如果我正确理解CSP,*会匹配任何源,但您想要的是允许加载/解释数据。尝试将Content-Security-Policy更改为data:而不是*。
例如:
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; font-src data:" />
但要注意:
data:允许数据:URI用作内容源。这是不安全的;攻击者也可以注入任意数据:URI。谨慎使用,绝对不能用于脚本。