由于安全策略指令导致 ReCAPTCHA2 脚本加载错误
ReCAPTCHA2 script load error due to Security Policy directive
在我的 Angular 应用程序中,当我尝试使用 reCAPTCHA2.
时出现以下错误
vendor.js:184374 Refused to load the script 'https://www.google.com/recaptcha/api.js?onload=ngx_captcha_onload_callback&render=explicit&hl=en' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
我正在使用这个 Angular 变体 - https://enngage.github.io/ngx-captcha/
我该如何解决这个问题?我当前的安全策略是 contentSecurityPolicy = "default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' ;img-src 'self' data: ; worker-src blob:"
我不想对所有类型的脚本打开 Web 应用程序。
尝试这样修改它:
contentSecurityPolicy = "default-src 'self' https://www.gstatic.com/recaptcha/ https://www.gstatic.com/recaptcha/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' ;img-src 'self' data: ; worker-src blob:"
我刚刚添加:
https://www.gstatic.com/recaptcha/ https://www.gstatic.com/recaptcha/
在我的 Angular 应用程序中,当我尝试使用 reCAPTCHA2.
vendor.js:184374 Refused to load the script 'https://www.google.com/recaptcha/api.js?onload=ngx_captcha_onload_callback&render=explicit&hl=en' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
我正在使用这个 Angular 变体 - https://enngage.github.io/ngx-captcha/
我该如何解决这个问题?我当前的安全策略是 contentSecurityPolicy = "default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' ;img-src 'self' data: ; worker-src blob:"
我不想对所有类型的脚本打开 Web 应用程序。
尝试这样修改它:
contentSecurityPolicy = "default-src 'self' https://www.gstatic.com/recaptcha/ https://www.gstatic.com/recaptcha/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' ;img-src 'self' data: ; worker-src blob:"
我刚刚添加:
https://www.gstatic.com/recaptcha/ https://www.gstatic.com/recaptcha/