Meteor BrowserPolicy 启用 'blob:' 个来源
Meteor BrowserPolicy enable 'blob:' origins
我启用了内容安全策略流星包meteor/browser-policy-common
现在我从 ostrio:files 收到与 CSP
相关的错误
Refused to create a worker from
'blob:http://localhost:3000/ef628f55-736b-4b36-a32d-b1056adfaa8c'
because it violates the following Content Security Policy directive:
"default-src 'self' http://fonts.googleapis.com
https://fonts.googleapis.com http://fonts.gstatic.com
https://fonts.gstatic.com http://code.ionicframework.com
https://code.ionicframework.com". Note that 'worker-src' was not
explicitly set, so 'default-src' is used as a fallback.
我的实际浏览器策略通用配置如下所示
import { BrowserPolicy } from 'meteor/browser-policy-common';
// e.g., BrowserPolicy.content.allowOriginForAll( 's3.amazonaws.com' );
// BrowserPolicy.content.allowFontOrigin("data:");
BrowserPolicy.framing.disallow();
BrowserPolicy.content.disallowInlineScripts();
BrowserPolicy.content.disallowEval();
BrowserPolicy.content.allowInlineStyles();
BrowserPolicy.content.allowFontDataUrl();
const trusted = [
'fonts.googleapis.com',
'fonts.gstatic.com',
'code.ionicframework.com',
];
_.each(trusted, (origin) => {
BrowserPolicy.content.allowOriginForAll(origin);
});
你能告诉我应该更改哪个配置以允许 ostrio:files blob:http://localhost:3000/... 工作吗?
非常感谢!
要允许 blob: 来源,您可以添加:
BrowserPolicy.content.allowOriginForAll('blob:');
Meteor 没有提供一种机制来更具体地允许 blob: 仅用于 worker-src。
我启用了内容安全策略流星包meteor/browser-policy-common
现在我从 ostrio:files 收到与 CSP
相关的错误Refused to create a worker from 'blob:http://localhost:3000/ef628f55-736b-4b36-a32d-b1056adfaa8c' because it violates the following Content Security Policy directive: "default-src 'self' http://fonts.googleapis.com https://fonts.googleapis.com http://fonts.gstatic.com https://fonts.gstatic.com http://code.ionicframework.com https://code.ionicframework.com". Note that 'worker-src' was not explicitly set, so 'default-src' is used as a fallback.
我的实际浏览器策略通用配置如下所示
import { BrowserPolicy } from 'meteor/browser-policy-common';
// e.g., BrowserPolicy.content.allowOriginForAll( 's3.amazonaws.com' );
// BrowserPolicy.content.allowFontOrigin("data:");
BrowserPolicy.framing.disallow();
BrowserPolicy.content.disallowInlineScripts();
BrowserPolicy.content.disallowEval();
BrowserPolicy.content.allowInlineStyles();
BrowserPolicy.content.allowFontDataUrl();
const trusted = [
'fonts.googleapis.com',
'fonts.gstatic.com',
'code.ionicframework.com',
];
_.each(trusted, (origin) => {
BrowserPolicy.content.allowOriginForAll(origin);
});
你能告诉我应该更改哪个配置以允许 ostrio:files blob:http://localhost:3000/... 工作吗?
非常感谢!
要允许 blob: 来源,您可以添加:
BrowserPolicy.content.allowOriginForAll('blob:');
Meteor 没有提供一种机制来更具体地允许 blob: 仅用于 worker-src。