electron/js2c/renderer_init.js:133 Refused to apply inline style because it violates the following Content Security Policy directive: “default-src ‘self'”. Either the ‘unsafe-inline’ keyword, a hash (‘sha256-XNfYdUW7S7AWSxlvq47SGsGIxvvzKwvUGdsFQQ/zXf4=’), or a nonce (‘nonce-…’) is required to enable inline execution. Note also that ‘style-src’ was not explicitly set, so ‘default-src’ is used as a fallback.

背景:

当运行一个Electron项目时,出现了如下报错信息

electron/js2c/renderer_init.js:133 Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-XNfYdUW7S7AWSxlvq47SGsGIxvvzKwvUGdsFQQ/zXf4='), or a nonce ('nonce-…') is required to enable inline execution. Note also that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.

解决办法:

错误提示中,已经说是违反了Content Security Policy指令,因为在Content Security Policy中,没有配置对应的部分,那么会默认使用default-src指令,而default-src指令中没有设置我们发送请求url设置,因此拒绝访问。

如果要设置允许请求数据的话,则需要设置Content-Security-Policy的connect-src *,意思是可以请求到任何的url,如下所示:

<meta http-equiv="Content-Security-Policy" content="connect-src *; default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval'; style-src 'self' 'unsafe-inline'; media-src *; img-src 'self' data: content:;">

只要是配置了connect-src指令,则不会使用默认指令default-src。

效果图:

如果觉得文章有帮助到你,可以扫描以下二维码
   请本文作者 喝一杯
pay_weixin pay_weixin

发表评论

电子邮件地址不会被公开。 必填项已用*标注