1、异常内容:html
Refused to execute inline script because it violates the following Content Security Policy directive: "default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval'". Either the 'unsafe-inline' keyword, a hash ('sha256-FHnVzrXhpOtWrkgyliiAXazqbkNKS+/DFGxknB42YNc='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
页面的script标签内容没有解析安全
、ui
异常的缘由:spa
Content-Security-Policy的默认配置是default-src 'self'。code
解决方案:htm
添加script-src * 'unsafe-inline',对于页面内部标签不进行安全验证。blog
配置结果:ip