Content Security Policy (style-src) when loading from localhost:xxxx

Time: 2018-11-29 07:10:40

Tags: javascript html css nginx localhost

The error in my console is as follows:

Refused to load the stylesheet 'data:text/css,@import%20url%28%27http%3A//localhost%3A8080/scorm/company1/scorm12/style/assessmentment.css%27%29%3B' because it violates the following Content Security Policy directive: "style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.googleapis.com".

My Content Security Policy in the HTTP header is as follows:

{
  "android_play_store_link": "",
  "ios_app_store_link": "",
  "sticker_packs": [
    {
      "identifier": "test",
      "name": "test",
      "publisher": "",
      "tray_image_file": "53.png",
      "publisher_email": "",
      "publisher_website": "",
      "privacy_policy_website": "",
      "license_agreement_website": "",
      "stickers": [
        {
          "image_file": "1.webp",
          "emojis": ["☕", "🙂"]
        },
        {
          "image_file": "2.webp",
          "emojis": ["😄", "😀"]
        },
        {
          "image_file": "3.webp",
          "emojis": ["😆", "😂"]
        },
        {
          "image_file": "4.webp",
          "emojis": ["😩", "😰"]
        }
      ]
    },
    {
      "identifier": "test2",
      "name": "test2",
      "publisher": "",
      "tray_image_file": "53.png",
      "publisher_email": "",
      "publisher_website": "",
      "privacy_policy_website": "",
      "license_agreement_website": "",
      "stickers": [
        {
          "image_file": "1.webp",
          "emojis": ["☕", "🙂"]
        },
        {
          "image_file": "2.webp",
          "emojis": ["😄", "😀"]
        },
        {
          "image_file": "3.webp",
          "emojis": ["😆", "😂"]
        },
        {
          "image_file": "4.webp",
          "emojis": ["😩", "😰"]
        }
      ]
    }
  ]
}

The problem is that I am using 'Content-Security-Policy' "default-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com http://www.google-analytics.com 'unsafe-inline'; **style-src * 'unsafe-inline'** ; , but I don't know why the error occurs. Please help me and explain the details of the error.

Most importantly, I am currently using this policy in my business project.

So I would like a quick answer.

1 Answer:

Answer 0: (score: 1)

Why are you doubling the "wildcard" (**) in **style-src * 'unsafe-inline'**?

It should be "default-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com http://www.google-analytics.com 'unsafe-inline'; style-src * 'unsafe-inline'"
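Two things are worth checking here beyond the stray asterisks: the style-src the browser reports in the console is not the one the question says nginx sends (so some other layer is supplying the effective header), and in CSP the `*` source never matches the `data:` scheme, so even the intended `style-src * 'unsafe-inline'` would refuse this stylesheet. The following is an added example (editor's code, not from the question or the answer) implementing a simplified subset of CSP source matching, with both policies and the blocked URL taken from the question; host matching is exact, with no wildcard hosts or port rules.

```python
from urllib.parse import urlparse

# Constructed from the question: the policy the asker says nginx sends, the
# style-src the browser actually reported, and the data: URL that was refused.
ASKER_POLICY = ("default-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com "
                "http://www.google-analytics.com 'unsafe-inline'; style-src * 'unsafe-inline'")
REPORTED_POLICY = ("style-src 'self' 'unsafe-inline' https://fonts.googleapis.com "
                   "https://fonts.googleapis.com")
BLOCKED_URL = ("data:text/css,@import%20url%28%27http%3A//localhost%3A8080/scorm/"
               "company1/scorm12/style/assessmentment.css%27%29%3B")

def parse_csp(header):
    """Split a CSP header into {directive name: [source expressions]}."""
    policy = {}
    for directive in header.split(";"):
        parts = directive.split()
        if parts:
            policy.setdefault(parts[0].lower(), parts[1:])  # first occurrence of a directive wins
    return policy

def source_allows(src, url, page_origin):
    """Simplified matching of one CSP source expression against a URL."""
    u = urlparse(url)
    src = src.lower()
    if src == "'self'":
        return (u.scheme, u.netloc) == (page_origin.scheme, page_origin.netloc)
    if src == "*":
        # '*' only matches network schemes; data:, blob: and filesystem: must be listed explicitly.
        return u.scheme in ("http", "https", "ws", "wss")
    if src.endswith(":"):                      # scheme-source, e.g. "data:"
        return u.scheme == src[:-1]
    if src.startswith("'"):                    # 'unsafe-inline', nonces, hashes: not URL matchers
        return False
    s = urlparse(src if "://" in src else f"{page_origin.scheme}://{src}")
    return (s.scheme, s.netloc) == (u.scheme, u.netloc)

def stylesheet_allowed(header, url, page="http://localhost:8080/"):
    """Would a browser fetch `url` as a stylesheet? style-src falls back to default-src."""
    policy = parse_csp(header)
    sources = policy.get("style-src", policy.get("default-src"))
    if sources is None:
        return True                            # no governing directive: unrestricted
    origin = urlparse(page)
    return any(source_allows(s, url, origin) for s in sources)

if __name__ == "__main__":
    for name, pol in (("asker", ASKER_POLICY), ("reported", REPORTED_POLICY)):
        print(name, "policy allows the data: stylesheet:", stylesheet_allowed(pol, BLOCKED_URL))
    print("with data: listed explicitly:", stylesheet_allowed("style-src 'self' data:", BLOCKED_URL))
```

Running it shows both policies refusing the data: URL while a plain http://localhost:8080/ stylesheet passes, which is why the fix is either to serve the CSS as a normal file or to list `data:` in style-src, not to tweak `*`.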