'unsafe-eval' is not an allowed source of script
Error: Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'".
This error only shows up in other browsers, not in Chrome. I found some answers that say to add
<meta http-equiv="Content-Security-Policy" content="font-src 'self' 'unsafe-inline' data:; img-src 'self' data:; style-src 'self' 'unsafe-inline' data:; script-src 'unsafe-eval' 'unsafe-inline' data:; default-src 'self' localhost:*">
Reference: Content Security Policy
After adding the meta tag, an error pops up when I refresh the browser, including in Chrome.
Error: Refused to load the script '' because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'unsafe-inline' data:". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
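Please help.
I found the answer.
The problem was with the helmet node module.
When I removed app.use(helmet()) from the backend, the problem went away.
If you run into this error too, I replaced app.use(helmet()) with
app.use(
  helmet({
    contentSecurityPolicy: false,
  })
);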
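An added example (not code from the original post or from helmet) that checks the two policies quoted in the question the way a browser combines them: every policy delivered with a page must allow an action. It assumes the `script-src 'self'` policy arrived as a response header alongside the `<meta>` policy; the function names are this example's own, and only `'self'`, `*` and `'unsafe-eval'` are modelled.

```javascript
// Added example. Parse one serialized CSP into a Map: directive -> sources.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // A repeated directive is ignored: the first occurrence wins.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources);
    }
  }
  return directives;
}

// Source list governing a check: first directive present in the fallback
// chain, or null when the policy places no restriction on scripts.
function governing(directives, chain) {
  const name = chain.find((d) => directives.has(d));
  return name ? directives.get(name) : null;
}

// eval() needs 'unsafe-eval' in script-src (fallback: default-src).
function allowsEval(directives) {
  const src = governing(directives, ['script-src', 'default-src']);
  return src === null || src.includes("'unsafe-eval'");
}

// <script src> from the page's own origin needs 'self' or '*'.
// Simplification: host, scheme, nonce and hash sources are not modelled.
function allowsSameOriginScript(directives) {
  const chain = ['script-src-elem', 'script-src', 'default-src'];
  const src = governing(directives, chain);
  return src === null || src.includes("'self'") || src.includes('*');
}

// All policies delivered with a page are enforced together.
function evaluate(policies) {
  const parsed = policies.map(parseCsp);
  return {
    evalAllowed: parsed.every(allowsEval),
    sameOriginScriptAllowed: parsed.every(allowsSameOriginScript),
  };
}

// Policy strings quoted in the question.
const HEADER_POLICY = "script-src 'self'";
const META_POLICY = "font-src 'self' 'unsafe-inline' data:; img-src 'self' data:; style-src 'self' 'unsafe-inline' data:; script-src 'unsafe-eval' 'unsafe-inline' data:; default-src 'self' localhost:*";

console.log('header only  ', evaluate([HEADER_POLICY]));
console.log('header + meta', evaluate([HEADER_POLICY, META_POLICY]));
```

With the header alone, eval is refused and same-origin scripts load; with the meta policy added, eval is still refused by the header and same-origin scripts are refused as well, because the meta tag's `script-src` has no `'self'`.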