获取错误content-security-policy错误:拒绝创建worker
获取错误content-security-policy错误:拒绝创建worker
提问于 2021-05-17 04:56:33
在我的angular项目中。我得到了下面提到的错误
refused to create a worker from 'blob:http://localhost:4200/d8633b89-9f70-4fd6-b08a-e369ccd34273' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' https://cdn.jsdelivr.net/npm/pdfjs-dist@2.5.207/es5/build/pdf.worker.js". Note that 'worker-src' was not explicitly set, so 'script-src' is used as a fallback.我知道它的相关内容安全策略。我已经设置了CSP。就是这里
default-src 'self';
script-src 'self' 'unsafe-eval' https://cdn.jsdelivr.net/npm/pdfjs-dist@2.5.207/es5/build/pdf.worker.js;
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;
img-src 'self' data: https://*.amazonaws.com;
media-src 'self' data: https://*.amazonaws.com;
connect-src 'self' http://localhost:* ws://localhost:*;
font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com data:;
childSrc blob
worker-src blob:但我仍然收到错误。
回答 1
Stack Overflow用户
发布于 2021-05-18 20:44:46
我认为没有用分号来分隔font-src、child-src (我想childSrc是不正确的)和worker-src
default-src 'self';
script-src 'self' 'unsafe-eval' https://cdn.jsdelivr.net/npm/pdfjs-dist@2.5.207/es5/build/pdf.worker.js;
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;
img-src 'self' data: https://*.amazonaws.com;
media-src 'self' data: https://*.amazonaws.com;
connect-src 'self' http://localhost:* ws://localhost:*;
font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com data:;
child-src blob:;
worker-src blob:;页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/67561517
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号