admin管理员组

文章数量:1292378

When I upload an image into my web application, it is showing the below error

Refused to load the image ' <URL> because it violates the following Content Security Policy directive: "default-src * data: 'unsafe-eval' 'unsafe-inline'". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.

I try to solve this error by using the following code

  <meta http-equiv="Content-Security-Policy" content="default-src *; img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *">
  <meta charset="utf-8">
  <meta http-equiv="X-UA-Compatible" content="IE=edge">

But it is not working. How can I fix this problem?

When I upload an image into my web application, it is showing the below error

Refused to load the image ' <URL> because it violates the following Content Security Policy directive: "default-src * data: 'unsafe-eval' 'unsafe-inline'". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.

I try to solve this error by using the following code

  <meta http-equiv="Content-Security-Policy" content="default-src *; img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *">
  <meta charset="utf-8">
  <meta http-equiv="X-UA-Compatible" content="IE=edge">

But it is not working. How can I fix this problem?

  • javascript
  • html
  • google-chrome
  • content-security-policy
Share Improve this question edited Jul 22, 2020 at 17:12 Peter Mortensen 31.6k22 gold badges110 silver badges133 bronze badges asked Nov 19, 2018 at 6:40 Hari9513Hari9513 1861 gold badge1 silver badge13 bronze badges
Add a ment  | 

1 Answer 1

Reset to default 1

I am not sure why you are using an "*". I am using a similar kind of stuff, but my meta tag looks something like this and it works fine for me:

<meta http-equiv="Content-Security-Policy" content="default-src 'none'; connect-src 'self';font-src 'self'; img-src 'self' data: https:; style-src 'self' ; script-src 'self'">

本文标签: javascriptViolates the following Content Security Policy directiveStack Overflow

版权声明:本文标题:javascript - Violates the following Content Security Policy directive - Stack Overflow 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1741554547a2385075.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。