在 Electron 渲染器中,我尝试通过自定义协议加载图像,但在渲染器控制台中我收到以下错误:
main_window:13 Refused to load the image 'dir://pumpjack.png' because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-inline' data:". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.
即使我已经明确设置了img-src。我的
index.html
:
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8" />
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval'; img-src * 'self' dir:">
<title>Star Domain</title>
</head>
<body>
<img src="dir://pumpjack.png">
<div id="board"></div>
</body>
</html>
如果我从元标记中删除
index.html
img-src,则它只显示:
content="default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval'"
我收到两个内容安全策略错误:
main_window:13 Refused to load the image 'dir://pumpjack.png' because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-inline' data:". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.
main_window:13 Refused to load the image 'dir://pumpjack.png' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.
我正在使用带有默认配置的 Electron 应用程序,我使用该应用程序创建了
yarn create electron-app "Star Domain" --template=webpack-typescript
为什么会发生这种情况?我可以采取什么措施来修复我的内容安全策略?请注意,使用此 CSP 设置可以正确加载 JS 和 CSS。
您显示的策略中的default-src和错误消息不同。这意味着您的页面有多项政策。您的框架(或网络服务器、负载均衡器等)可能添加了默认策略。查看响应标头并尝试确定如何设置这些策略以便能够修改或删除它们。