我收到此错误
拒绝加载样式表“ https://fonts.googleapis.com/css?family=Roboto:300,400,500,700”,因为它违反了以下内容安全策略指令:“ default-src'self'”。请注意,“ style-src”未明确设置,因此将“ default-src”用作备用。
有几个相关问题。我尝试使用所有相关问题的答案来修改元标记Content-Security-Policy,但没有一个能够解决错误。
错误消息指出我的CSP值与元数据中的值不同,这让我感到奇怪。
页面内容:
<head>
<meta charset="utf-8">
<meta http-equiv="x-ua-compatible" content="ie=edge">
<meta http-equiv="Content-Security-Policy" content="style-src 'self' http://fonts.googleapis.com; font-src 'self' https://fonts.googleapis.com https://themes.googleusercontent.com;">
<!--<meta http-equiv="Content-Security-Policy" content="default-src *" />-->
<!--<meta http-equiv="Content-Security-Policy" content="default-src *; style-src https://fonts.googleapis.com; font-src https://fonts.gstatic.com data:; script-src 'self' http://* 'unsafe-inline' 'unsafe-eval'" />-->
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Badgers</title>
<link rel="stylesheet" media="screen" href="/assets/stylesheets/main.css">
<link rel="stylesheet" media="screen" href="/assets/stylesheets/material-components-web.min.css"/>
<link rel="stylesheet" media="screen" href="/assets/stylesheets/normalize.min.css"/>
<link rel="stylesheet" media="screen" href="https://fonts.googleapis.com/css?family=Roboto:300,400,500,700">
<link rel="icon" sizes="192x192" href="/assets/images/favicon.png">
<link rel="shortcut icon" type="image/png" href="/assets/images/favicon.png">
</head>
我正在开发模式下通过localhost上的http加载。