
.net-core - Getting the "Refused to apply inline style because it violates the following Content Security Policy" error

Reposted. Author: 行者123. Updated: 2023-12-02 19:58:45

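I get the following error when running the application:

Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self' https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-5uIP+HBVRu0WW8ep6d6+YVfhgkl0AcIabZrBS5JJAzs='". Either the 'unsafe-inline' keyword, a hash ('sha256-4Su6mBWzEIFnH4pAGMOuaeBrstwJN4Z3pq/s1Kn4/KQ='), or a nonce ('nonce-...') is required to enable inline execution.

Below is the code I am currently using: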

const string modernizrHash1 = "sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=";
const string modernizrHash2 = "sha256-5uIP+HBVRu0WW8ep6d6+YVfhgkl0AcIabZrBS5JJAzs=";
app.UseCsp(options => options
    .DefaultSources(s => s.Self())
    .ScriptSources(s => s.Self().CustomSources("https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/"))
    .StyleSources(s => s.Self().CustomSources("https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/", modernizrHash1, modernizrHash2))
    .FontSources(s => s.Self().CustomSources("https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/"))
    .ImageSources(s => s.Self().CustomSources("data:"))
);

Best answer

The hash 4Su6mBWzEIFnH4pAGMOuaeBrstwJN4Z3pq/s1Kn4/KQ= is for the CSS word-wrap: break-word; white-space: pre-wrap;, an inline style that Chrome applies automatically when you do not serve an HTML document.

Example server response:

Content-Type: text/plain; charset=utf-8
Content-Length: 9
Content-Security-Policy: default-src 'self'
Date: Thu, 04 Nov 2021 11:33:49 GMT

some text

DOM in Chrome:

<html><head></head><body><pre style="word-wrap: break-word; white-space: pre-wrap;">some text</pre></body></html>

Console error:

Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-4Su6mBWzEIFnH4pAGMOuaeBrstwJN4Z3pq/s1Kn4/KQ='), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present. Note also that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.

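Adding the hash to default-src or style-src will not help, because it is an "inline style" and "hashes do not apply to style attributes".

The best solution is to make sure you serve a proper HTML document with the CSP header, so that the browser does not decorate it with its own styles.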
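An added example, not part of the original question or answer: a Python triage helper that recomputes CSP hash-source values and classifies a "Refused to apply inline style" console message, separating the browser-generated wrapper on a non-HTML response from inline styles in the application's own markup. The function names and verdict strings are hypothetical; the wrapper style text is the one quoted in the answer.

```python
import base64
import hashlib
import re

# Style attribute Chrome puts on the <pre> it wraps a non-HTML body in (text quoted in the answer).
CHROME_PRE_STYLE = "word-wrap: break-word; white-space: pre-wrap;"
HASH_RE = re.compile(r"a hash \('(sha(?:256|384|512)-[A-Za-z0-9+/]+=*)'\)")


def csp_hash(text, algo="sha256"):
    """CSP hash-source value for inline content: '<algo>-' + base64(digest of UTF-8 bytes)."""
    digest = hashlib.new(algo, text.encode("utf-8")).digest()
    return algo + "-" + base64.b64encode(digest).decode("ascii")


def governing_sources(csp):
    """Source list that governs inline styles: style-src, else the default-src fallback."""
    directives = {}
    for part in csp.split(";"):
        tokens = part.split()
        if tokens:
            directives.setdefault(tokens[0].lower(), tokens[1:])  # first occurrence wins
    return directives.get("style-src", directives.get("default-src", []))


def triage(console_error, content_type, csp):
    """Classify a 'Refused to apply inline style' console message for one response."""
    match = HASH_RE.search(console_error)
    if match is None:
        return "no-hash-in-message"
    reported = match.group(1)
    media_type = content_type.split(";")[0].strip().lower()
    is_html = media_type in ("text/html", "application/xhtml+xml")
    if reported == csp_hash(CHROME_PRE_STYLE) and not is_html:
        # Browser-generated style attribute on a non-HTML response: allow-listing
        # the hash has no effect, and the policy itself needs no change.
        return "browser-wrapper-for-non-html"
    if "'" + reported + "'" in governing_sources(csp):
        # Allow-listed yet still refused: the style sits in a style="" attribute,
        # which hash sources do not cover.
        return "style-attribute-not-covered-by-hash"
    return "inline-style-in-own-markup"
```

`csp_hash("")` returns the value of `modernizrHash1` in the question, so that entry only allow-lists an empty inline style block.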

Regarding ".net-core - Getting the "Refused to apply inline style because it violates the following Content Security Policy" error", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/56357592/
