我正在尝试将 jquery 和 css 文件添加到我的 .cshtml 文件中,但我收到内容安全策略错误。
我已经尝试添加 <meta http-equiv="Content-Security-Policy" content="default-src 'self' *.aspnetcdn.com/">诸如此类的东西,但它不起作用。
Here are the errors that I am getting
这是 .cshtml 文件:
@using Genesis.SharedLibrary.ViewModels.Genesis.ALG
@inject Genesis.Application.Services.Commons.IGenericServices _genericServices;
@{
var staticFileVersion = _genericServices.GetAppSettingValue("OtherSettings", "StaticFileVersion");
}
@model List<TravelRequestAdminViewModel>
<body>
@* DATA TABLE WITH SEVEN COLUMNS AND MANY ROWS *@
</body>
<link rel="stylesheet" type="text/css" href="https://cdn.datatables.net/1.10.20/css/jquery.dataTables.min.css" />
<link rel="stylesheet" type="text/css" href="http://ajax.aspnetcdn.com/ajax/jquery.dataTables/1.9.4/css/jquery.dataTables.css" />
<script type="text/javascript" src="~/lib/jquery/dist/jquery.min.js"></script>
<script type="text/javascript" src="https://cdn.datatables.net/1.10.20/js/jquery.dataTables.min.js"></script>
<script type="text/javascript" src="https://code.jquery.com/jquery-3.3.1.js"></script>
<script src="~/shared/js/Views/travelRequestAdminScript.js?v=@staticFileVersion"></script>
最佳答案
您需要放宽远程脚本的默认策略
<meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://code.jquery.com 'unsafe-eval'; style-src 'self' 'unsafe-inline'; script-src 'self' https://example.com/ 'unsafe-inline' 'unsafe-eval'; media-src *">
引用:
https://developer.chrome.com/extensions/contentSecurityPolicy#relaxing
关于javascript - 拒绝加载样式表,因为它违反了内容安全策略,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/58824687/