我启用了内容安全策略 meteor 包 meteor/browser-policy-common
现在我从 ostrio 收到这个错误:与 CSP 相关的文件
Refused to create a worker from 'blob:http://localhost:3000/ef628f55-736b-4b36-a32d-b1056adfaa8c' because it violates the following Content Security Policy directive: "default-src 'self' http://fonts.googleapis.com https://fonts.googleapis.com http://fonts.gstatic.com https://fonts.gstatic.com http://code.ionicframework.com https://code.ionicframework.com". Note that 'worker-src' was not explicitly set, so 'default-src' is used as a fallback.
我的实际浏览器策略通用配置如下所示
import { BrowserPolicy } from 'meteor/browser-policy-common';
// e.g., BrowserPolicy.content.allowOriginForAll( 's3.amazonaws.com' );
// BrowserPolicy.content.allowFontOrigin("data:");
BrowserPolicy.framing.disallow();
BrowserPolicy.content.disallowInlineScripts();
BrowserPolicy.content.disallowEval();
BrowserPolicy.content.allowInlineStyles();
BrowserPolicy.content.allowFontDataUrl();
const trusted = [
'fonts.googleapis.com',
'fonts.gstatic.com',
'code.ionicframework.com',
];
_.each(trusted, (origin) => {
BrowserPolicy.content.allowOriginForAll(origin);
});
你能告诉我应该更改哪个配置以允许 ostrio:files blob: http://localhost:3000/ ...工作?
非常感谢!
最佳答案
要允许 blob:
来源,您可以添加:
BrowserPolicy.content.allowOriginForAll('blob:');
Meteor 没有提供一种机制来更具体地允许 blob:
仅用于 worker-src
。
关于javascript - Meteor BrowserPolicy 启用 'blob:' 来源,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/43943970/