错误:“请注意,'style-src-elem' 未明确设置”设置时

编程问答 2022-05-25

问题描述

enter image description here

但我没有使用 .NET 所以我不知道这个问题的答案是什么。我正在使用电子。

<head>
<Meta http-equiv="Content-Security-Policy" content="style-src-elem 'self' https://fonts.googleapis.com">

<Meta http-equiv="Content-Security-Policy" content="font-src https://fonts.gstatic.com">

<Meta http-equiv="Content-Security-Policy" content="default-src 'self'">

<Meta charset="UTF-8">

<link rel="preconnect" href="https://fonts.gstatic.com">
<link href="https://fonts.googleapis.com/css2?family=Poppins:wght@300&display=swap" rel="stylesheet">

<link rel="stylesheet" href="index.css">
</head>

这里是错误

Refused to load the stylesheet 'https://fonts.googleapis.com/css2?family=Poppins:wght@300&display=swap' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'style-src-elem' was not explicitly set,so 'default-src' is used as a fallback.

问题在这里'style-src-elem' 是明确设置的。我不知道发生了什么。请帮忙

解决方法

没关系,想通了!我以为我可以将 <meta> 标签分开以提高可读性,但事实证明并非如此。每个 <meta> 标签都覆盖了前一个标签,让所有内容都去检查最后一个 content="default-src 'self'" <meta> 标签。这是任何遇到类似问题的人的工作代码:

<head>
    <meta http-equiv="Content-Security-Policy" content="
        default-src 'self';
        style-src-elem 'self' https://fonts.googleapis.com;
        font-src https://fonts.gstatic.com;
    ">

    <meta charset="UTF-8">



    <link rel="preconnect" href="https://fonts.gstatic.com">
    <link href="https://fonts.googleapis.com/css2?family=Poppins:wght@300&display=swap" rel="stylesheet">

    <link rel="stylesheet" href="index.css">
</head>
content-security-policygoogle-font-api