Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
202 views
in Technique[技术] by (71.8m points)

javascript - Google Chrome "Refused to load the script" error in Angular application

I have observed the following error on Chrome Dev Console even if using Incognito Window:

Refused to load the script 'https://localhost:5001/_framework/aspnetcore-browser-refresh.js' because it violates the following Content Security Policy directive: "script-src 'sha256-ZT3q7lL9GXNGhPTB1Vvrvds2xw/kOV0zoeok2tiV23I='". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

I have a look at the causes and commonly browser extensions are reported, but in Incognito Window, there is not any extension, etc. So, any fix related to the problem?

question from:https://stackoverflow.com/questions/65907946/google-chrome-refused-to-load-the-script-error-in-angular-application

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

Try to change the security policy, for example:

<meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' https://localhost:5001 'unsafe-inline'; script-src 'self' http://* 'unsafe-inline' 'unsafe-eval'" />

Or only

<meta http-equiv="Content-Security-Policy" content="script-src 'self' https://localhost:5001 'unsafe-inline' 'unsafe-eval'" />

Chrome has the CSP (Content Security Policy).

  • You can't use inline scripting in your Chrome App pages. The restriction bans both blocks and event handlers ().
  • You can't reference any external resources in any of your app files (except for video and audio resources). You can't embed external resources in an iframe.
  • You can't use string-to-JavaScript methods like eval() and new Function().

Here is the policy value:

default-src 'self';
connect-src * data: blob: filesystem:;
style-src 'self' data: 'unsafe-inline';
img-src 'self' data:;
frame-src 'self' data:;
font-src 'self' data:;
media-src * data: blob: filesystem:;

More infomation


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...