拒绝将字符串评估为 JavaScript 因为 'unsafe-eval' 不是脚本内容安全策略 directive:default-src self 的允许来源
Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script Content Security Policy directive:default-src self
在我的应用程序中,我想要内容安全策略:所有指令都应设置为自我,但是当我尝试这样做时它显示以下错误
Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self';".
at Function (<anonymous>)
at Function._init (yui_combo.php?rollup/3.17.2/yui-moodlesimple-min.js:8:3195)
at yui_combo.php?rollup/3.17.2/yui-moodlesimple-min.js:9:4331
at yui_combo.php?rollup/3.17.2/yui-moodlesimple-min.js:9:4558
Refused to execute inline script because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-BfUVqxUMiFIZGvtAvlU3O1tTN9idUT5IuAIpMSM2F5g='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
Refused to load the stylesheet 'https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&display=swap' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'style-src-elem' was not explicitly set, so 'default-src' is used as a fallback.
内容安全策略必须有这个指令:
default-src 'self';
script-src 'self' 'unsafe-eval';
style-src 'self' fonts.googleapis.com;
等等。
在我的应用程序中,我想要内容安全策略:所有指令都应设置为自我,但是当我尝试这样做时它显示以下错误
Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self';".
at Function (<anonymous>)
at Function._init (yui_combo.php?rollup/3.17.2/yui-moodlesimple-min.js:8:3195)
at yui_combo.php?rollup/3.17.2/yui-moodlesimple-min.js:9:4331
at yui_combo.php?rollup/3.17.2/yui-moodlesimple-min.js:9:4558
Refused to execute inline script because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-BfUVqxUMiFIZGvtAvlU3O1tTN9idUT5IuAIpMSM2F5g='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
Refused to load the stylesheet 'https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&display=swap' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'style-src-elem' was not explicitly set, so 'default-src' is used as a fallback.
内容安全策略必须有这个指令:
default-src 'self';
script-src 'self' 'unsafe-eval';
style-src 'self' fonts.googleapis.com;
等等。