为什么在我添加了 Content-Security-Policy mate 后浏览器仍然拒绝加载图像 base64
why does browser still refused to load the image base64 after I added the Content-Security-Policy mate
我使用 create-react-app 创建了一个新项目,在我添加了 Content-Security-Policy mate 后浏览器仍然拒绝加载图像 base64
index.html
<meta http-equiv="Content-Security-Policy" content="img-src 'self' data: ;"/>
控制台
Refused to load the image 'data:image/gif;base64,R0lGODlhEwAVAMQAAOLx9cro7t3v89zu89bt8dXt8d/v89Ps8ODw9NLr8Nru88vo79ft8dnu8s/q79Hr783q787q78vp78nn7szp78no7gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAAAAAAALAAAAAATABUAAAVvICCOZGmeqIisbOu2RizP9CzceK7nQ+//wJ9iSCwai42kcslcMp7QqDRKqFqv2Gthy+16u4eweEweJ87otDr9aLvf8LdjTq/b65G8fs/fQ/6AgYKBEoWGh4UUiBILjY6PkI8Bk5SVkxWWlBOZnJQhADs=' because it violates the following Content Security Policy directive: "img-src *". Note that '*' matches only URLs with network schemes ('http', 'https', 'ws', 'wss'), or URLs whose scheme matches `self`'s scheme. data:' must be added explicitely.
err msg image
有人知道为什么吗?
您显示的政策是“img-src 'self' 数据:;”而错误消息中给出的违反指令是“img-src *”。这意味着有多个策略,内容需要通过所有策略。它确实传递了元标记中定义的策略,但可能在响应 header 中设置了另一个策略,您还需要删除或修改该策略以允许“数据:”。
我使用 create-react-app 创建了一个新项目,在我添加了 Content-Security-Policy mate 后浏览器仍然拒绝加载图像 base64
index.html
<meta http-equiv="Content-Security-Policy" content="img-src 'self' data: ;"/>
控制台
Refused to load the image 'data:image/gif;base64,R0lGODlhEwAVAMQAAOLx9cro7t3v89zu89bt8dXt8d/v89Ps8ODw9NLr8Nru88vo79ft8dnu8s/q79Hr783q787q78vp78nn7szp78no7gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAAAAAAALAAAAAATABUAAAVvICCOZGmeqIisbOu2RizP9CzceK7nQ+//wJ9iSCwai42kcslcMp7QqDRKqFqv2Gthy+16u4eweEweJ87otDr9aLvf8LdjTq/b65G8fs/fQ/6AgYKBEoWGh4UUiBILjY6PkI8Bk5SVkxWWlBOZnJQhADs=' because it violates the following Content Security Policy directive: "img-src *". Note that '*' matches only URLs with network schemes ('http', 'https', 'ws', 'wss'), or URLs whose scheme matches `self`'s scheme. data:' must be added explicitely.
err msg image
有人知道为什么吗?
您显示的政策是“img-src 'self' 数据:;”而错误消息中给出的违反指令是“img-src *”。这意味着有多个策略,内容需要通过所有策略。它确实传递了元标记中定义的策略,但可能在响应 header 中设置了另一个策略,您还需要删除或修改该策略以允许“数据:”。