Edit phpmyadmin/libraries/Header.class.php:
header(
"X-Content-Security-Policy: default-src 'self' "
. $captcha_url
. $GLOBALS['cfg']['CSPAllow'] . ';'
. "options inline-script eval-script;"
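// Changed line: '*' lets images load from any origin. The trailing space
// keeps the CSPAllow value that follows from fusing with '*'.
. "img-src * "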
. $GLOBALS['cfg']['CSPAllow']
. $map_tile_urls
. $captcha_url
. ";"
);
header(
"X-WebKit-CSP: default-src 'self' "
. $captcha_url
. $GLOBALS['cfg']['CSPAllow'] . ';'
. "script-src 'self' "
. $captcha_url
. $GLOBALS['cfg']['CSPAllow']
. " 'unsafe-inline' 'unsafe-eval';"
. "style-src 'self' 'unsafe-inline' "
. $captcha_url
. ';'
. "img-src 'self' data: "
. $GLOBALS['cfg']['CSPAllow']
. $map_tile_urls
. $captcha_url
. ";"
);
Note the "img-src" parameter in the X-Content-Security-Policy section: change it to "img-src *".
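To see which image sources the edited header actually carries, the following added example (not phpMyAdmin code) rebuilds the X-Content-Security-Policy value with the same concatenation order and splits it back into directives. The helpers build_policy() and parse_policy() are hypothetical, and the values used for $captchaUrl, $mapTileUrls and CSPAllow are constructed samples.

```php
<?php
// Added example, not phpMyAdmin code. All input values are constructed samples.

/** Rebuild the X-Content-Security-Policy value in the page's concatenation order. */
function build_policy(string $imgSrc, string $cspAllow, string $captchaUrl, string $mapTileUrls): string
{
    return "default-src 'self' " . $captchaUrl . $cspAllow . ';'
        . "options inline-script eval-script;"
        . $imgSrc . $cspAllow . $mapTileUrls . $captchaUrl . ";";
}

/** Split a policy string into [directive name => [source, ...]]. */
function parse_policy(string $policy): array
{
    $directives = [];
    foreach (explode(';', $policy) as $part) {
        $tokens = preg_split('/\s+/', trim($part), -1, PREG_SPLIT_NO_EMPTY);
        if ($tokens) {
            $name = strtolower(array_shift($tokens));
            $directives[$name] = $tokens;
        }
    }
    return $directives;
}

// Constructed stand-ins for values that Header.class.php and the config set elsewhere.
$captchaUrl  = '';
$mapTileUrls = ' *.tiles.example';

// Compare the stock-style value, the edited value, and the edited value
// with a trailing space, for an empty and a non-empty CSPAllow.
foreach (['', 'cdn.example'] as $cspAllow) {
    foreach (["img-src 'self' data: ", "img-src *", "img-src * "] as $imgSrc) {
        $policy  = build_policy($imgSrc, $cspAllow, $captchaUrl, $mapTileUrls);
        $sources = parse_policy($policy)['img-src'];
        printf(
            "CSPAllow=%-14s %-24s => %s\n",
            var_export($cspAllow, true),
            var_export($imgSrc, true),
            implode(' ', $sources)
        );
    }
}
```

A source such as `*cdn.example` in the output means the wildcard and the CSPAllow value were fused into one token, which happens when "img-src *" has no trailing space and CSPAllow has no leading one.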