phonegap + ionic 使用 Content-Security-Policy 加载 maps.googleapis.com,如何?
phonegap + ionic using Content-Security-Policy to load maps.googleapis.com, how to?
我尝试了很多加载 google 地图和 firebaseio 的方法,但都没有成功:
这就是我现在拥有的:
<meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com;
script-src 'self' https://maps.googleapis.com/* 'unsafe-inline' 'unsafe-eval';
style-src 'self' 'unsafe-inline';">
我得到:
Refused to load the script 'https://maps.googleapis.com/maps/api/js?libraries=places' because it violates the following Content Security Policy directive: "script-src 'self' https://maps.googleapis.com/* 'unsafe-inline' 'unsafe-eval'".
Refused to load the script 'https://test.firebaseio.com/.lp?start=t&ser=79549912&cb=1&v=5' because it violates the following Content Security Policy directive: "script-src 'self' https://maps.googleapis.com/* 'unsafe-inline' 'unsafe-eval'".
知道我做错了什么吗?
这成功了:)
<meta http-equiv="Content-Security-Policy"
content="default-src *;
script-src 'self' 'unsafe-inline' 'unsafe-eval'
127.0.0.1:*
http://*.google.com
http://*.gstatic.com
http://*.googleapis.com
http://*.firebaseio.com
https://*.google.com
https://*.gstatic.com
https://*.googleapis.com
https://*.firebaseio.com
;
style-src 'self' 'unsafe-inline'
127.0.0.1
http://*.google.com
http://*.gstatic.com
http://*.googleapis.com
http://*.firebaseio.com
https://*.google.com
https://*.gstatic.com
https://*.googleapis.com
https://*.firebaseio.com
">
和 google 脚本 <script src="https://maps-api-ssl.google.com/maps/api/js?libraries=places"></script>
对于没有任何限制的开发使用:
<meta http-equiv="Content-Security-Policy"
content="default-src * 'unsafe-eval' 'unsafe-inline'">
我尝试了很多加载 google 地图和 firebaseio 的方法,但都没有成功: 这就是我现在拥有的:
<meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com;
script-src 'self' https://maps.googleapis.com/* 'unsafe-inline' 'unsafe-eval';
style-src 'self' 'unsafe-inline';">
我得到:
Refused to load the script 'https://maps.googleapis.com/maps/api/js?libraries=places' because it violates the following Content Security Policy directive: "script-src 'self' https://maps.googleapis.com/* 'unsafe-inline' 'unsafe-eval'".
Refused to load the script 'https://test.firebaseio.com/.lp?start=t&ser=79549912&cb=1&v=5' because it violates the following Content Security Policy directive: "script-src 'self' https://maps.googleapis.com/* 'unsafe-inline' 'unsafe-eval'".
知道我做错了什么吗?
这成功了:)
<meta http-equiv="Content-Security-Policy"
content="default-src *;
script-src 'self' 'unsafe-inline' 'unsafe-eval'
127.0.0.1:*
http://*.google.com
http://*.gstatic.com
http://*.googleapis.com
http://*.firebaseio.com
https://*.google.com
https://*.gstatic.com
https://*.googleapis.com
https://*.firebaseio.com
;
style-src 'self' 'unsafe-inline'
127.0.0.1
http://*.google.com
http://*.gstatic.com
http://*.googleapis.com
http://*.firebaseio.com
https://*.google.com
https://*.gstatic.com
https://*.googleapis.com
https://*.firebaseio.com
">
和 google 脚本 <script src="https://maps-api-ssl.google.com/maps/api/js?libraries=places"></script>
对于没有任何限制的开发使用:
<meta http-equiv="Content-Security-Policy"
content="default-src * 'unsafe-eval' 'unsafe-inline'">