拒绝加载图像“ https://app-name.herokuapp.com/favicon.ico”,因为它违反了以下内容安全策略指令

时间:2019-09-27 18:21:02

标签: angular heroku

几天来,我一直在尝试在heroku上部署我的角度应用程序,但是却遇到内容安全策略错误。我在StackOverflow和github上看到了许多类似的问题,但没有一个解决了我的问题。

这是我的index.html文件

<!doctype html>
<html lang="en">
<head>
  <!--META-->
  <meta http-equiv="Content-Security-Policy" 
  content="img-src 'self';style-src 'self' 
  https://maxcdn.bootstrapcdn.com https://www.w3schools.com 
  https://fonts.googleapis.com https://cdnjs.cloudflare.com 'unsafe-inline'; 
  font-src 'self' https://use.fontawesome.com; script-src 'self' 
  https://ajax.googleapis.com https://code.jquery.com https://cdnjs.cloudflare.com 
  https://maxcdn.bootstrapcdn.com">

  <meta charset="utf-8">
  <title>NgApp</title>
  <base href="/">
  <meta name="viewport" content="width=device-width, initial-scale=1">

  <!--Bootstrap 4.0.0-->
  <link rel="stylesheet" 
  href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css" 
  integrity="sha384-Gn5384xqQ1aoWXA+058RXPxPg6fy4IWvTNh0E263XmFcJlSAwiGgFAW/dAiS6JXm" 
  crossorigin="anonymous">

  <!--font awesome-->
  <link rel='stylesheet' href='https://use.fontawesome.com/releases/v5.7.0/css/all.css' 
  integrity='sha384-lZN37f5QGtY3VHgisS14W3ExzMWZxybE1SJSEsQp9S+oqd12jhcu+A56Ebc1zFSJ' 
  crossorigin='anonymous'>


  <link rel="stylesheet" href="https://www.w3schools.com/w3css/4/w3.css">
  <link rel='stylesheet' href='https://fonts.googleapis.com/css?family=Roboto'>
  <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css">

  <!--jQuery-->
  <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.4.0/jquery.min.js"></script>
  <script src="//ajax.googleapis.com/ajax/libs/jqueryui/1.8.0/jquery-ui.min.js"></script>

  <link rel="stylesheet" href="https://fonts.googleapis.com/icon?family=Material+Icons">

</head>
<body>
  <app-root></app-root>

  <script src="https://code.jquery.com/jquery-3.2.1.slim.min.js" integrity="sha384-KJ3o2DKtIkvYIK3UENzmM7KCkRr/rE9/Qpg6aAZGJwFDMVNA/GpGFF93hXpG5KkN" crossorigin="anonymous"></script>
  <script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js" integrity="sha384-ApNbgh9B+Y1QKtv3Rn7W3mgPxhU9K/ScQsAP7hUibX39j7fakFPskvXusvfa0b4Q" crossorigin="anonymous"></script>
  <script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js" integrity="sha384-JZR6Spejh4U02d8jOt6vLEHfe/JQGiRRSQQxSfFWpi1MquVdAyjUar5+76PVCmYl" crossorigin="anonymous"></script>
</body>
</html>

我也尝试删除了<meta http-equiv="..." ...>,并尝试了<meta http-equiv="Content-Security-Policy" content="default-src *;">

这是我在Chrome浏览器中收到的错误消息

  

拒绝加载字体”,因为它违反了以下内容安全策略指令:“ default-src'none'”。请注意,未明确设置“ font-src”,因此将“ default-src”用作备用。

  

拒绝加载图像'https://web-app-hub-frontend2.herokuapp.com/favicon.ico',因为它违反了以下内容安全策略指令:“ default-src'none'”。请注意,未明确设置“ img-src”,因此将“ default-src”用作备用。

enter image description here

0 个答案:

没有答案
相关问题
最新问题