最近新弄一个qa环境,前后端分离项目,用nginx 做跳转,把前后端的包都丢上去了,后端去请求数据没有问题,可以返回数据,但是前端访问的时候,一直抛错
Refused to execute inline script because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-1Iax0dJ88jLkuqYpsJCyolLEMjxE8eCqpVFI0mUtxWk='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
网上找了很久这个问题,一直以为是前端打的包有问题,后来问了一个有经验的同事,他说是csp 问题,需要配置文件,网上搜索就很快找到了类似问题的处理方式。
只需要在nginx 配置中添加
add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' https: data:; base-uri 'self';";