win*_*yer 11 ember.js ember-cli http-mock
我正在http://www.ember-cli.com/#ember-data上建议使用带有Ember CLI的http-mock .我理解CSP的基本概念,但我不了解它在Ember CLI应用程序中的配置.
如何配置我的应用程序以接受请求以localhost:4200/api/在开发期间避免这种情况:
Content Security Policy violation: {
"csp-report": {
"document-uri":"http://localhost:4200/products",
"referrer":"",
"violated-directive":"style-src 'self'",
"effective-directive":"style-src",
"original-policy":"default-src 'none'; script-src 'self' 'unsafe-eval' localhost:35729 0.0.0.0:35729; font-src 'self'; connect-src 'self' ws://localhost:35729 ws://0.0.0.0:35729 http://0.0.0.0:4200/csp-report; img-src 'self'; style-src 'self'; media-src 'self'; report-uri http://0.0.0.0:4200/csp-report;",
"blocked-uri":"",
"source-file":"chrome-extension://alelhddbbhepgpmgidjdcjakblofbmce",
"line-number":1,"column-number":20481,"status-code":200
}
}
rog*_*rog 13
您可以通过编辑来调整内容安全策略config/environment.js.我相信你的情况,与connect-src被抛出的错误有关(编辑:看起来像是style-src被侵犯了,可能是Chrome Extension Awesome截图).添加*将允许它连接到任何东西.
var ENV = {
...
contentSecurityPolicy: {
'default-src': "'none'",
'script-src': "'self'",
'font-src': "'self'",
'connect-src': "'self' *",
'img-src': "'self'",
'style-src': "'self' *",
'media-src': "'self'"
}
}
或者更具体地说,您可以添加:
...
'connect-src': "'self' 'localhost:4200'",
...
此外,如果您只想将其添加到您的开发环境中,请将其放入:
if (environment === 'development') {
ENV.contentSecurityPolicy = {
...(policies)...
}
}
有关CSP的更多信息,请访问ember-cli:https://www.npmjs.com/package/ember-cli-content-security-policy.
有关CSP的更多信息:http://content-security-policy.com/
| 归档时间: |
|
| 查看次数: |
3873 次 |
| 最近记录: |