1. 首頁
  2. 問答
  3. 科爾多瓦錯誤:拒絕,因爲它違反了以下內容安全策略指令

科爾多瓦錯誤:拒絕,因爲它違反了以下內容安全策略指令

2017-01-09 48 views
0

我正在學習用科爾多瓦與jQuery Mobile的,我有以下錯誤執行內嵌腳本:科爾多瓦錯誤:拒絕,因爲它違反了以下內容安全策略指令

Refused to execute inline script because it violates the following Content Security Policy directive: "default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval'". Either the 'unsafe-inline' keyword, a hash ('sha256-iacGaS9lJJpFDLww4DKQsrDPQ2lxppM2d2GGnzCeKkU='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.

我的代碼如下:

<!DOCTYPE html> 
<html> 
    <head> 
     <meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval'; style-src 'self' 'unsafe-inline'; media-src *; img-src 'self' data: content:;"> 
     <meta name="format-detection" content="telephone=no"> 
     <meta name="msapplication-tap-highlight" content="no"> 
     <meta name="viewport" content="user-scalable=no, initial-scale=1, maximum-scale=1, minimum-scale=1, width=device-width"> 
     <link rel="stylesheet" type="text/css" href="css/index.css"> 
     <title>Hello World</title> 
     <script> 
      $(document).ready(function() 
      { 
       $("#tryit").click(function() { 
        document.getElementById("msg").innerHTML = "hello"; 
       }); 

      }); 
     </script> 
    </head> 
    <body> 
     <button id="tryit">Try it</button> 
     <div id="msg"></div> 

     <script type="text/javascript" src="cordova.js"></script> 
     <script type="text/javascript" src="js/index.js"></script> 
    </body> 
</html>

在課堂上,我寫了這個:

cordova create hello2 com.example.hello2 hello2 
cordova platform add android 
cordova build

我認爲它有做「科爾多瓦 - 插件白名單」 ,但我不知道如何卸載NPM

來源

2017-01-09 Periseas Lilith

回答

8

你需要「不安全內聯」添加到內容安全,策略;要麼使用script-src,要麼使用default-src,要麼明確使用Javascript。所以試試類似:

<meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; media-src *; img-src 'self' data: content:;">

來源

2017-01-10 14:02:10 DaveAlden

相關問題

 相關問題