我在MVC core 2.2应用程序中使用了NWebSec nuget包 如果我运行此代码,我的Ajax调用将被阻止 任何想法;
//CSP Content Security Policy
app.UseCsp(options => options
.DefaultSources(s => s.Self())
.ScriptSources(s => s.Self().UnsafeInlineSrc = true) // allow inline script
.ScriptSources(x=> x.Self().UnsafeEvalSrc = true) // allow events
.ConnectSources(x=> x.Self().NoneSrc = true)
.StyleSources(s=> s.Self().UnsafeInlineSrc = true));
我的Ajax呼叫是:
showPleaseWait();
$.ajax({
url: "@Url.Action("GetData", "DataGenerator")",
dataType: 'json',
type: "POST",
data: { filter: selectedKeys },
success: function (d) {
hidePleaseWait();
window.location = "@Url.RouteUrl(new { Controller = "DataGenerator", Action = "downloadDocx"})/?fileName=" + d.filename;
},
error: function (xhr, status, error) {
hidePleaseWait();
alert("Error: Please refresh the page and try again!\n" + "Status:"+status + "\nError: " + error + "\nxhr.status: " + xhr.status + "\nxhr.statusText: " + xhr.statusText);
}
});
我的模态代码是:
function showPleaseWait() {
if (document.querySelector("#modalPush") == null) {
var modalLoading = '<div class="modal" id="pleaseWaitDialog" data-backdrop="static" data-keyboard="false" role="dialog">\
<div class="modal-dialog">\
<div class="modal-content">\
<div class="modal-header">\
<h4 class="modal-title">\
<span > Generating your report....</span> \
</h4>\
</div>\
<div class="modal-body">\
<div class="progress">\
<div class="progress-bar progress-bar-striped progress-bar-animated bg-success" role="progressbar" style="width: 100%" aria-valuenow="100" aria-valuemin="0" aria-valuemax="100"></div>\
</div>\
</div>\
<div class="modal-footer">\
<span > Please wait ....</span> \
</div>\
</div>\
</div>\
</div>\
</div>';
$(document.body).append(modalLoading);
}
$("#pleaseWaitDialog").modal("show");
}
function hidePleaseWait() {
$("#pleaseWaitDialog").modal("hide");
}