Vee*_*era 5 javascript node.js express pug
mapboxgl.accessToken = 'xxxxxxxx';
var map = new mapboxgl.Map({
container: 'map', // container ID
style: 'mapbox://styles/mapbox/streets-v11', // style URL
});doctype html
html
head
block head
meta(charset='UTF-8')
meta(name='viewport' content='width=device-width, initial-scale=1.0')
link(rel='stylesheet' href='/css/style.css')
link(rel='shortcut icon', type='/image/png' href='/ img/favicon.png')
link(rel='stylesheet', href='https://fonts. googleapis.com/css?family=Lato:300,300i,700')
title Natours | #{title}
body
//- HEADER
include _header
//- CONTENT
block content
h1 this is a placeholder heading
//- FOOTER
include _footer
script(src='/javascript/mapbox.js')拒绝加载脚本“https://api.mapbox.com/mapbox-gl-js/v2.1.1/mapbox-gl.js”,因为它违反了以下内容安全策略指令:“script-src 'self'” 。请注意,“script-src-elem”未明确设置,因此“script-src”用作后备。
我今天遇到了这个问题。我知道你现在可能已经得到答复了。但下面是你的答案:鸣谢东林-
发送 CSP 标头以允许加载来自 Mapbox 的脚本。示例如下:
exports.getTour = catchAsync(async (req, res, next) => {
const tour = await Tour.findOne({ slug: req.params.slug }).populate({
path: 'reviews',
fields: 'review rating user'
});
res
.status(200)
.set(
'Content-Security-Policy',
"default-src 'self' https://*.mapbox.com ;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src https://cdnjs.cloudflare.com https://api.mapbox.com 'self' blob: ;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests;"
)
.render('tour', {
title: `${tour.title} Tour`,
tour
});
});
| 归档时间: |
|
| 查看次数: |
8643 次 |
| 最近记录: |