Refused to apply inline style because it violates the following Content Security Policy directive: “style-src 'self'” modernizr
我已经在Visual Studio 2015 Professional中创建了新的ASP.NET MVC 5项目
并且我在内容安全政策的布局中添加了元标记,如下所示:
1 2 3 | <meta http-equiv="content-security-policy" content="default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self';" /> |
现在,当我运行我的应用程序时,在Chrome浏览器控制台中出现以下错误-
Refused to apply inline style because it violates the following Content Security Policy directive:"style-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-CwE3Bg0VYQOIdNAkbB/Btdkhul49qZuwgNCMPgNY5zw='), or a nonce ('nonce-...') is required to enable inline execution.
modernizr-2.6.2.js:157
modernizr-2.6.2.js:157有6个错误,一个与脚本有关,即拒绝加载脚本localhost
我认为我的项目中没有任何内联样式,为什么CSP拒绝应用错误?
显然,modernizr要么注入具有某些CSS属性的
1 2 3 4 | <meta http-equiv="content-security-policy" content="default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self' 'sha256-CwE3Bg0VYQOIdNAkbB/Btdkhul49qZuwgNCMPgNY5zw=';" /> |