问题描述
在我的 Angular
应用程序中,当我尝试使用 reCAPTCHA2
时出现以下错误。
vendor.js:184374 Refused to load the script 'https://www.google.com/recaptcha/api.js?onload=ngx_captcha_onload_callback&render=explicit&hl=en' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set,so 'script-src' is used as a fallback.
我正在使用这个 Angular
变体 - https://enngage.github.io/ngx-captcha/
我该如何解决这个问题?我目前的安全政策是 contentSecurityPolicy = "default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' ;img-src 'self' data: ; worker-src blob:"
我不想对所有类型的脚本打开 Web 应用程序。
解决方法
尝试像这样修改它:
contentSecurityPolicy = "default-src 'self' https://www.gstatic.com/recaptcha/ https://www.gstatic.com/recaptcha/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' ;img-src 'self' data: ; worker-src blob:"
我刚刚添加:
https://www.gstatic.com/recaptcha/ https://www.gstatic.com/recaptcha/