只需升级到最新的FF,我的所有后端开发人员现在都已损坏。
代码示例:
server.js
'use strict'
// dependencies
const bodyParser = require('body-parser')
const cors = require('cors')
const express = require('express')
// local definitions
const port = process.env.PORT || 4201
const bugsAPI = require('./bugs.api.js')
const app = express()
// Middleware
app.use(cors())
app.options('*',cors())
var allowCrossDomain = function(req,res,next) {
res.header('Access-Control-Allow-Origin', '*')
res.header('Access-Control-Allow-Methods', 'GET, PUT, POST, DELETE')
res.header('Access-Control-Allow-Headers', 'Content-Type')
next();
}
app.use(allowCrossDomain)
app.use(bodyParser.json())
app.use('/api/bugs', bugsAPI)
app.listen(port, () => console.log(`Server started on port ${port}`))
bugs.api.js
const router = require('express').Router()
const mongodb = require('mongodb')
const config = require('./mongo.config.json')
// load current bugList on first request
router.get('/', async (req, res) => {
const bugList = await loadBugsCollection()
res.send(await bugList.find({}).toArray())
})
// Get list of bugs
async function loadBugsCollection() {
const client = await mongodb.MongoClient.connect(
config.mongo_hook,
{
useNewUrlParser: true,
useUnifiedTopology: true
}
)
return client.db(config.db).collection('tickets')
}
module.exports = router
以下解决方案无效:
Loading of a resource blocked by Content Security Policy
https://lollyrock.com/posts/content-security-policy/
Helmet CSP not working correctly?
How to configure CSP-headers with express/node.js?
https://github.com/nextcloud/server/issues/12724
Call to function() blocked by CSP even after adding 'unsafe-eval'
https://github.com/helmetjs/helmet
Make Angular working with restrictive Content Security Policy (CSP)
Content security policy blocking remote CSS background image
Content Security Policy "data" not working for base64 Images in Chrome 28
上周一切正常。对这一重大变化感到非常沮丧;请帮忙!