it violates the following Content Security Policy directive: "default-src 'self' http://example.com"...

最新推荐文章于 2024-03-28 11:12:13 发布
最新推荐文章于 2024-03-28 11:12:13 发布
阅读量1.5k 收藏
点赞数
原文链接:http://www.cnblogs.com/xiaoxiaoluoye/p/6945044.html
版权

昨天再调试APP的时候,图片无法显示了,看了下控制台报错信息,发现控制台报 it violates the following Content Security Policy directive: "default-src 'self' http://example.com". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback. 这类的错误,在网上找了一些资料,发现是因为没有设置img-src的缘故,在index.html中

<meta http-equiv="Content-Security-Policy" content="default-src *;img-src 'self' data: base64; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'"/>

添加,在default-src:*;后面添加
img-src 'self' data: base64;
之后,图片成功显示,问题解决。

转载于:https://www.cnblogs.com/xiaoxiaoluoye/p/6945044.html

ailiaojiao5464
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
uuid_time.rar_The Guts
09-20
Interpret the time field from a uuid. This program violates the UUID abstraction barrier by reaching into the guts of a UUID and interpreting it.
关于'It violates the following Content Security Policy directive: ‘iframe-src'’
热门推荐
fengdetiankong的专栏
03-18 4万+
提笔写这个文章有些担心,因为毕竟技术不够好,英语不够好,好,废话少说,开始说。 最近在做一个产品的维护,SpeedyPassword,一款密码管理器。 SpeedyPassword介绍: SpeedyPasswor是一款可以记录各个网站密码的浏览器插件,跨浏览器使用。 它自己有一个主密码。假如我在chrome浏览器上安装了SpeedyPassword,但是没有登录SpeedyPassword
[Error] because it violates the following Content Security Policy directive
Nicker_的专栏
03-18 2万+
[Error] because it violates the following Content Security Policy directive html开发过程中,遇到以下错误,意思是html的meta设置的权限问题 Refused to connect to 'blob:http://localhost:8080/6d57f07f-3c2f-49ca-be30-fd0b7f4cff6e' because it violates the following Content Security Pol
正当防卫CSP(content security policy
weixin_43964271的博客
09-05 3585
because it violates the following Content Security Policy directive: "default-src 'self'
because it violates the following Content Security Policy directive
qq_30432311的博客
11-26 1万+
问题:今天到公司打开的我vue项目,就报错了,明明昨天还是好好的啊,然后打开控制台,发现报了这样的错: 然后通过有道翻译了一下:拒绝加载图像的http://localhost:8080/favicon。因为它违反了以下内容安全政策指令:“default-src‘none’”。注意,'img-src'没有被显式设置,因此'default-src'被用作回退。 可是我昨天就加了个阿里图标,虽...
VUE报错because it violates the following Content Security Policy directive
yangwq的博客
04-24 1万+
VUE启动服务后控制台报错:Refused to load the image 'http://localhost:8080/favicon.ico' because it violates the following Content Security Policy directive: "default-src 'none'". Note that 'img-src' was not expli...
接口请求出现because it violates the followingContent Security Policy directive: “default-srcself‘“. Note
dujunuan的博客
03-28 2529
因为在Content Securty Policy中,没有配置对应的部分,那么会默认使用default-src指令,而defauit-src指令中没有设置我们发送请求un设置,因此拒绝访问。只要是配置了connect-src指令,则不会使用默认指令default-src
Chrome扩展页面动态绑定JS事件提示错误
12-08
这个问题的根源在于Chrome浏览器的安全策略,尤其是Content Security Policy (CSP)。CSP是一种安全机制,用于防止跨站脚本攻击(XSS)和其他恶意注入。在Chrome扩展中,CSP限制了JavaScript的执行方式,以保护用户免受...
java中排序报:Comparison method violates its general contract异常的解决
08-30
在Java编程中,当执行排序操作时,可能会遇到一个特定的异常:“Comparison method violates its general contract”。这个异常通常发生在使用`Arrays.sort()`或`Collections.sort()`方法时,尤其是在从Java 6升级到...
Batch-file-sharing:共享程序(有时候也分享源代码)-源码时代
03-24
If the shared file violates your rights or interests, please contact me at the following email address! 什么是批处理? 批处理就是Windows系统里一段经过特殊标记的代码使用记事本等文本编辑器保存为后缀标题...
ms05039.rar
06-18
You and Foundstone agree to submit to the personal and exclusive jurisdiction of the California state court located in Santa Ana, California and the United States District Court for the ...
【问题出现】because it violates the following Content Security Policy directive: “default-srcself‘“
weixin_44943389的博客
03-15 3348
这个错误表明您的网站正在尝试从一个不在内容安全策略(Content Security Policy,CSP)允许列表中的源进行资源预获取(prefetch)。如果您是通过后端代码(如 Node.js、PHP 等)设置 CSP 的,您需要在响应头中添加或更新 CSP。如果您是通过 Web 服务器(如 Apache 或 Nginx)设置 CSP 的,您需要在服务器配置文件中更新 CSP 设置。要解决这个问题,您需要更新您网站的内容安全策略(CSP),以允许从。在这个特定的错误中,您的网站尝试从。
使用js连接websocket报错VM4143:11 Refused to connect to ‘‘ because it violates the following Content Securi
qqqwdsada的博客
04-07 3465
在百度搜索无果后在一系列查略测试后发现在html头中调整加入 connect-srcself’ ws:;
violates the following Content Security Policy directive:default-src *谷歌iconfont图标显示方块 拒绝加载字体违反安全策略
积极的小可爱~的博客
02-20 4745
项目运行没有问题,iconfont的css文件什么的导入也没有问题。 但是用谷歌iconfont 的图标都是小方块! 打开控制台报这个错误: Refused to load the font ‘’ because it violates the following Content Security Policy directive: “default-src *”. Note that ‘fon...
[nginx] Refused to load the font ‘data:application/x-font-woff;‘Note that ‘font-src‘ was not explici
qubes的专栏
10-09 2895
question Nginx添加CSP响应头设置之后报错: Refused to load the font 'data:application/x-font-woff;charset=utf-8;base64,d09G…’ because it violates the following Content Security Policy directive: “default-srcself’”. Note that ‘font-src’ was not explicitly set, so ‘def
Refused to load the image '<URL>' because it violates the following content security polity diretive
Alice9969的博客
03-02 9049
转载地址:https://www.cnblogs.com/xiaoxiaoluoye/p/6945044.html 深入学习地址:https://www.cnblogs.com/Hwangzhiyoung/p/9146740.html 控制台报错: Refused to load the image '<URL>' because it violates the follo...
Nginx Content-Security-Policy csp问题
zm170305的博客
05-26 1949
最近新弄一个qa环境,前后端分离项目,用nginx 做跳转,把前后端的包都丢上去了,后端去请求数据没有问题,可以返回数据,但是前端访问的时候,一直抛错。网上找了很久这个问题,一直以为是前端打的包有问题,后来问了一个有经验的同事,他说是csp 问题,需要配置文件,网上搜索就很快找到了类似问题的处理方式。只需要在nginx 配置中添加。
because it violates the following Content Security Policy directive: “default-src ‘none‘“
黑夜心依的博客
05-25 5084
在打开页面时浏览器报如下错误: Refused to load the script 'http://xx.xx.xx.xx:xxxxx/livereload.js?snipver=1' because it violates the following Content Security Policy directive: "default-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'default-src' is
cordova错误之: Refused to connect to XXX -- because it violates the following Content Security Policy..
weixin_43343144的博客
04-11 2万+
Refused to connect to 'http://localhost:8545/' because it violates the following Content Security Policy directive: "default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval'". Note that ...
because it violates the following Content Security Policy directive: "connect-src 'self' workbench ws
最新发布
03-30
Content Security Policy (CSP) is a security mechanism implemented by web browsers to protect against cross-site scripting (XSS) attacks and other malicious activities. It allows website administrators to define a set of policies that specify which sources of content, such as scripts, stylesheets, or images, are allowed to be loaded by the browser. The error message you mentioned, "because it violates the following Content Security Policy directive: 'connect-src 'self' workbench ws'", indicates that the requested resource violates the connect-src directive of the Content Security Policy. The connect-src directive specifies the valid sources for making network connections, such as AJAX requests or WebSocket connections. In this case, the requested resource is trying to establish a connection to a source that is not allowed by the Content Security Policy. The allowed sources for network connections are specified as 'self' and 'workbench ws', meaning that the resource can only connect to the same origin ('self') or to a specific source called 'workbench ws'. To resolve this issue, you need to either modify the Content Security Policy to allow the requested resource's connection or adjust the resource's code to comply with the existing policy.

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值