Html 内容安全策略:“img-src 'self' 数据:”
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/40360109/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Content Security Policy: "img-src 'self' data:"
提问by Rafael de Castro
I have an app, in wich the user would be able to copy an image URL, paste it unto an input and the image will be loaded on a box.
我有一个应用程序,用户可以在其中复制图像 URL,将其粘贴到输入中,然后图像将加载到框上。
But my app, keep triggering this message:
但是我的应用程序不断触发此消息:
Refused to load the image 'LOREM_IPSUM_URL' because it violates
the following Content Security Policy directive: "img-src 'self' data:".
That's my meta tag:
这是我的元标记:
<meta http-equiv="Content-Security-Policy" content="default-src *;
img-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *;
style-src 'self' 'unsafe-inline' *">
I'm using html2Canvas within the app, and when I remove this: "img-src 'self' data:"
我在应用程序中使用 html2Canvas,当我删除它时:“img-src 'self' data:”
It fire this error:
它触发此错误:
html2canvas.js:3025 Refused to load the image 'data:image/svg+xml,
<svg xmlns='http://www.w3.org/2000/svg'></svg>' because it violates
the following Content Security Policy directive: "default-src *".
Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.
Along with a bunch of other errors...
连同一堆其他错误......
回答by manzapanza
Try replacing this part:
尝试更换这部分:
img-src * 'self' data: https:;
So the complete tag:
所以完整的标签:
<meta http-equiv="Content-Security-Policy" content="default-src *;
img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *;
style-src 'self' 'unsafe-inline' *">
