问题
I have created new asp.net mvc 5 project in visual studio 2015 professional And I have added meta tag in my layout for Content Security Policy as -
<meta http-equiv="content-security-policy"
content="default-src 'none'; script-src 'self';
connect-src 'self'; img-src 'self'; style-src 'self';" />
Now when I run my application I get following error in chrome browser console -
Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-CwE3Bg0VYQOIdNAkbB/Btdkhul49qZuwgNCMPgNY5zw='), or a nonce ('nonce-...') is required to enable inline execution. modernizr-2.6.2.js:157
There are 6 errors for modernizr-2.6.2.js:157 and one is related to script, i.e. refused to load the script localhost
I don’t think I have any inline style in my project and then why CSP refused to apply error ?
回答1:
Apparently modernizr either injects a style element with some CSS properties, or else injects some style attributes; you can deal with it by changing your CSP policy this:
<meta http-equiv="content-security-policy"
content="default-src 'none'; script-src 'self';
connect-src 'self'; img-src 'self';
style-src 'self' 'sha256-CwE3Bg0VYQOIdNAkbB/Btdkhul49qZuwgNCMPgNY5zw=';" />
来源:https://stackoverflow.com/questions/44495929/refused-to-apply-inline-style-because-it-violates-the-following-content-security