在我的index.html页面中设置:
<meta http-equiv="Content-Security-Policy" content="default-src *; img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *">
并且也尝试过:
<meta http-equiv="Content-Security-Policy" content="default-src *; img-src * data: https:; script-src 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' *">
这是在React应用中。我克服了开发人员和生产人员构建中此meta标签的错误。但是,当我在AWS上部署它时,我再次收到CSP错误。静态生产版本由S3提供服务。该问题仅在Safari中发生。
完整错误:
Refused to load data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPHN2ZyB3aWR0aD0iMTNweCIgaGVpZ2h0PSIxN3B4IiB2aWV3Qm94PSIwIDAgMTMgMTciIHZlcnNpb249IjEuMSIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxuczp4bGluaz0iaHR0cDovL3d3dy53My5vcmcvMTk5OS94bGluayI+CiAgICA8IS0tIEdlbmVyYXRvcjogU2tldGNoIDQzLjIgKDM5MDY5KSAtIGh0dHA6Ly93d3cuYm9oZW1pYW5jb2RpbmcuY29tL3NrZXRjaCAtLT4KICAgIDx0aXRsZT5fQXNzZXRzL0lubGluZS9Ta2lwQmFjazE1PC90aXRsZT4KICAgIDxkZXNjPkNyZWF0ZWQgd2l0aCBTa2V0Y2guPC9kZXNjPgogICAgPGRlZnM+PC9kZ...wwLjk5MDQ3ODUxNiBDOCwwLjcxNTA1NzM3MyA3LjgwMTUwNDAyLDAuNTk5MjQ3OTg5IDcuNTU2NjQ2ODIsMC43MjE2NzY1ODggTDUsMiBMNSwwLjk5MDQ3ODUxNiBDNSwwLjcxNTA1NzM3MyA0LjgwMTUwNDAyLDAuNTk5MjQ3OTg5IDQuNTU2NjQ2ODIsMC43MjE2NzY1ODggTDEuNDQzMzUzMTgsMi4yNzgzMjM0MSBDMS4xOTI5MjgzMSwyLjQwMzUzNTg0IDEuMTk4NDk1OTgsMi41OTkyNDc5OSAxLjQ0MzM1MzE4LDIuNzIxNjc2NTkgTDQuNTU2NjQ2ODIsNC4yNzgzMjM0MSBDNC44MDcwNzE2OSw0LjQwMzUzNTg0IDUsNC4yODA0MDUyOSA1LDQuMDA5NTIxNDggTDUsMyBaIiBpZD0iQ29tYmluZWQtU2hhcGUiPjwvcGF0aD4KICAgICAgICA8L2c+CiAgICA8L2c+Cjwvc3ZnPg== because it appears in neither the img-src directive nor the default-src directive of the Content Security Policy
看起来Safari不允许您使用meta标签覆盖Content-Security-Policy,至少在HTTP标头中已经通过了。我删除了meta标签并更新了HTTP标头,但我越过了错误。