images from imgur.com is not displaying on website
我正在使用简单的html标签显示imgur.com中的图像:
1 | <img alt="Modern Dashboard Design" src="http://i.imgur.com/yst7lV9.png?1" style="height:550px; width:1024px" /> |
这是几天前的工作,但现在没有显示。图像正在jsfiddle上显示,但不在此页面上显示:
http://www.ucom.my/p/admin-page-for-website-50
查看页面源代码时,您会找到
可能是什么原因?
1 2 3 4 | Content Security Policy: The page’s settings blocked the loading of a resource at http://i.imgur.com/2qEeCDA.png ("default-src http://www.ucom.my"). Content Security Policy: The page’s settings blocked the loading of a resource at http://i.imgur.com/yst7lV9.png?1 ("default-src http://www.ucom.my"). Content Security Policy: The page’s settings blocked the loading of a resource at http://i.imgur.com/GAXEkpu.jpg ("default-src http://www.ucom.my"). Content Security Policy: The page’s settings blocked the loading of a resource at self ("default-src http://www.ucom.my"). |
打开Firebug控制台时可以看到。
您的
1 | <meta http-equiv="Content-Security-Policy" content="default-src 'self'"> |
这意味着您有意阻止了对imgur或其他任何地方的所有请求。更改为此:
1 | <meta http-equiv="Content-Security-Policy" content="default-src 'self'; img-src example.com;"> |
或者将其完全删除。
看看您的浏览器检查器...
它说:
1 2 3 4 5 | [Error] Refused to load http://i.imgur.com/2qEeCDA.png because it appears in neither the img-src directive nor the default-src directive of the Content Security Policy. [Error] Refused to apply a stylesheet because its hash, its nonce, or 'unsafe-inline' appears in neither the style-src directive nor the default-src directive of the Content Security Policy. (admin-page-for-website-50, line 87) [Error] Refused to load http://i.imgur.com/yst7lV9.png?1 because it appears in neither the img-src directive nor the default-src directive of the Content Security Policy. [Error] Refused to apply a stylesheet because its hash, its nonce, or 'unsafe-inline' appears in neither the style-src directive nor the default-src directive of the Content Security Policy. (admin-page-for-website-50, line 89) [Error] Refused to load http://i.imgur.com/GAXEkpu.jpg because it appears in neither the img-src directive nor the default-src directive of the Content Security Policy. |
打开浏览器的开发人员工具。查看控制台。阅读错误消息。
Refused to load the image 'http://i.imgur.com/GAXEkpu.jpg' because it violates the following Content Security Policy directive:"default-src 'self'". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.
您已包括:
1 <meta http-equiv="Content-Security-Policy" content="default-src 'self'">
页面中的
,禁止在其他域上将
快速查看控制台可知,您遇到了许多安全错误。
Refused to load the image 'http://i.imgur.com/GAXEkpu.jpg' because it
violates the following Content Security Policy directive:"default-src
'self'". Note that 'img-src' was not explicitly set, so 'default-src'
is used as a fallback.
发生这种情况是因为:
该行代码禁止来自国外的内容。