修改前nginx 中的配置:
add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval';`
修改后nginx 中的配置:
add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval';img-src * blob: ; ";
不能加载的原因是CSP将资源拦截防止跨域攻击,然后浏览器会报诸如这样的错误:
it violates the following Content Security Policy directive: “default-src ‘self’ http://example.com”. Note that ‘img-src’ was not explicitly set, so ‘default-src’ is used as a fallback.