CSP error while serving with express (with helmet) an app created with create-react-app

感动是毒 2021-01-23 10:18

I'm struggling with serving a build created with "create-react-app" using Express with Helmet. I'm getting several errors in the explorer console related to Content

2 answers
  •  悲哀的现实
    2021-01-23 10:40

    Helmet maintainer here.

    This is happening because of something called Content Security Policy, which Helmet sets by default. To solve your problem, you will need to configure Helmet's CSP.

    MDN has good documentation about CSP which I would recommend reading for background. After that, take a look at Helmet's README to see how to configure its CSP component.

    To give some help specific to this question, let's take a look at one error you're seeing:

    Content Security Policy: This page's settings blocked the loading of a resource at inline ("script-src").
    

    This error is telling you that the script-src directive of your CSP does not allow inline JavaScript, and so it was blocked.

    This is considered "inline" JavaScript:

    
    

    This, however, is not:

    
    

    There are several ways to fix this:

    1. Add a hash or nonce to the inline
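
Added example (not part of the answer above, and not Helmet's own code): one way to produce the hash sources that a script-src directive needs to permit specific inline scripts, using only Node's built-in crypto module. The function names, the sample HTML and the regex-based extraction are assumptions made for illustration.

```javascript
// Added example: compute CSP hash sources for the inline scripts in an HTML page.
const { createHash } = require('node:crypto');

// A CSP hash source is the base64 SHA-256 of the exact text between the
// <script> tags, whitespace included.
function cspHash(scriptText) {
  const digest = createHash('sha256').update(scriptText, 'utf8').digest('base64');
  return `'sha256-${digest}'`;
}

// Return the bodies of inline scripts. A <script src="..."> is external and is
// matched against 'self' or host sources instead. Regex parsing is an assumption
// that suits simple build output; use an HTML parser for arbitrary markup.
function inlineScripts(html) {
  const found = [];
  const re = /<script\b([^>]*)>([\s\S]*?)<\/script>/gi;
  for (const [, attrs, body] of html.matchAll(re)) {
    if (!/(?:^|\s)src\s*=/i.test(attrs) && body.length > 0) found.push(body);
  }
  return found;
}

// Build the script-src source list: same-origin files plus one hash per inline script.
function scriptSrcFor(html) {
  return ["'self'", ...new Set(inlineScripts(html).map(cspHash))];
}

// The hash-matching part of the browser's decision for an inline script.
function inlineAllowed(sources, scriptText) {
  return sources.includes(cspHash(scriptText));
}

// Constructed sample page: one inline script, one external script.
const SAMPLE_HTML = `<!doctype html>
<html><body>
<div id="root"></div>
<script>window.__BOOT__ = Date.now();</script>
<script src="/static/js/main.js"></script>
</body></html>`;

const scriptSrc = scriptSrcFor(SAMPLE_HTML);
console.log(`script-src ${scriptSrc.join(' ')}`);
// With Helmet, this array is the value for the CSP option's directives.scriptSrc.
```

Because the hash covers the script text byte for byte, any change to the inline script (even trailing whitespace) requires regenerating the source list, so this belongs in the build or deploy step rather than being typed by hand.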
