离子图标通过错误由于“内容安全策略”。

Question

奇怪的事情一天一天地发生。

突然之间，我收到了这个错误，我的Ionic应用程序，这是由离子回按钮，以及其他离子图标。

以下是错误：

Refused to connect to 'data:image/svg+xml;utf8,<svg xmlns='http://www.w3.org/2000/svg' class='ionicon' viewBox='0 0 512 512'><title>Arrow Back</title><path stroke-linecap='square' stroke-miterlimit='10' stroke-width='48' d='M244 400L100 256l144-144M120 256h292' class='ionicon-fill-none'/></svg>' because it violates the following Content Security Policy directive: "default-src * 'unsafe-eval' 'unsafe-inline'". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. Note that '*' matches only URLs with network schemes ('http', 'https', 'ws', 'wss'), or URLs whose scheme matches `self`'s scheme. data:' must be added explicitely.

(anonymous) @ polyfills.11e22041d02a3781.js:1
polyfills.11e22041d02a3781.js:1 Refused to connect to 'data:image/svg+xml;utf8,<svg xmlns='http://www.w3.org/2000/svg' class='ionicon' viewBox='0 0 512 512'><title>Arrow Back</title><path stroke-linecap='square' stroke-miterlimit='10' stroke-width='48' d='M244 400L100 256l144-144M120 256h292' class='ionicon-fill-none'/></svg>' because it violates the document's Content Security Policy.

这是我的package.json

"dependencies": {
    "@angular/animations": "^13.3.0",
    "@angular/cli": "^13.3.0",
    "@angular/common": "~13.3.0",
    "@angular/compiler": "~13.3.0",
    "@angular/core": "~13.3.0",
    "@angular/forms": "~13.3.0",
    "@angular/platform-browser": "~13.3.0",
    "@angular/platform-browser-dynamic": "~13.3.0",
    "@angular/router": "~13.3.0",
    "@hetznercloud/ngx-translate-mock": "^0.1.0",
    "@ionic-native/android-permissions": "^5.29.0",
    "@ionic-native/barcode-scanner": "^5.29.0",
    "@ionic-native/ble": "^5.29.0",
    "@ionic-native/bluetooth-le": "^5.29.0",
    "@ionic-native/core": "^5.29.0",
    "@ionic-native/file": "^5.32.1",
    "@ionic-native/geolocation": "^5.30.0",
    "@ionic-native/http": "^5.30.0",
    "@ionic-native/in-app-browser": "^5.29.0",
    "@ionic-native/location-accuracy": "^5.33.1",
    "@ionic-native/network": "^5.29.0",
    "@ionic-native/splash-screen": "^5.29.0",
    "@ionic-native/status-bar": "^5.29.0",
    "@ionic/angular": "^6.1.0",
    "@ionic/cordova-builders": "^6.1.0",
    "@ionic/storage": "^2.2.0",
    "@ngx-translate/core": "^13.0.0",
    "@ngx-translate/http-loader": "4.0",
    "chart.js": "^2.9.4",
    "colors": "^1.1.2",
    "cordova-plugin-android-permissions": "^1.1.0",
    "cordova-plugin-ble-central": "^1.2.5",
    "cordova-plugin-bluetoothle": "^4.5.14",
    "cordova-plugin-inappbrowser": "^3.2.0",
    "core-js": "^3.21.1",
    "ngx-toastr": "^11.3.3",
    "rxjs": "^6.6.3",
    "rxjs-compat": "^6.6.7",
    "save": "^2.4.0",
    "tslib": "^2.0.0",
    "xmlhttprequest": "^1.8.0",
    "zone.js": "~0.11.4"
  }

Answer 1

我修正了它，在我的connect中添加了'data:‘，如下所示：

<meta 
  http-equiv="Content-Security-Policy" 
  content="
    default-src * 'unsafe-eval' 'unsafe-inline';
    connect-src 'self' data:;
    font-src 'self' data:;
    img-src * data:; 
">

Answer 2

我把我的离子5更新为离子6

离子5 index.html文件如下所示：

<head>
  ...
  <meta http-equiv="Content-Security-Policy" content="font-src 'self' data:; img-src * data:; default-src * 'unsafe-eval' 'unsafe-inline'">
  ...
</head>

离子6 index.html文件不包含内容安全-政治元。

删除这一行解决了问题。

没有安全问题，因为Ionic团队本身删除了这个约束。