一、异常内容:
Refused to execute inline script because it violates the following Content Security Policy directive: "default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval'".
Either the 'unsafe-inline' keyword, a hash ('sha256-FHnVzrXhpOtWrkgyliiAXazqbkNKS+/DFGxknB42YNc='),
or a nonce ('nonce-...') is required to enable inline execution.
Note also that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
页面的script标签内容没有解析
、
异常的原因:
Content-Security-Policy的默认配置是default-src 'self'。
解决方案:
添加script-src * 'unsafe-inline',对于页面内部标签不进行安全验证。
配置结果&#x