我目前将 Cordova 的“Content-Security-Policy”元标记设置为:
<meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval'; style-src 'self' 'unsafe-inline'; media-src *">
如果我运行 Android 模拟器,我会看到以下错误:
Refused to load the stylesheet 'https://....min.css' because it violates the following Content Security Policy directive: "style-src 'self' 'unsafe-inline'".
如果我将“Content-Security-Policy”元标记更改为:
<meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://* 'unsafe-eval'; style-src 'self' https://* 'unsafe-inline'; media-src *">
我收到以下错误:
Failed to load resource: the server responded with a status of 404 (Not Found)
我该如何解决这个问题,这样我就不会收到 404 错误,并且它会加载远程样式表和脚本?
我 100% 确定远程文件确实存在。
最佳答案
添加到配置 .xml 中:
<access origin="*" />
<allow-intent href="http://*/*" />
<allow-intent href="https://*/*" />
<platform name="android">
<allow-intent href="market:*" />
</platform>
在 index.html 中:
<meta http-equiv="Content-Security-Policy" content="default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *;">
<meta http-equiv="Content-Security-Policy" content="default-src * gap://ready file:; style-src 'self' 'unsafe-inline' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *">
关于android - Cordova 的内容安全策略未加载外部脚本和样式表(404 错误),我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/48164045/