我一直收到这个错误:
拒绝执行内联脚本,因为它违反了以下内容安全策略指令:"default-src'self'data:gap:http ://www.visitsingapore.com https : //ssl.gstatic.com'unsafe-eval'" .可以使用'unsafe-inline'关键字,散列('sha256-V +/U3qbjHKP0SaNQhMwYNm62gfWX4QHwPJ7We1PXokI =')或nonce('nonce -...')来启用内联执行.另请注意,'script-src'未显式设置,因此'default-src'用作后备.
任何人都可以告诉我如何解决这个问题,这是什么意思?我的代码是:
<meta http-equiv="Content-Security-Policy" content="default-src 'self' data:gap: http://www.visitsingapore.com https://ssl.gstatic.com 'unsafe-eval'; style-src 'self' 'unsafe-inline'; media-src *">
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<link rel="stylesheet" type="text/css" href="css/index.css">
<link rel="stylesheet" href="css/jquery.mobile-1.4.5.css">
<script src="lib/jquery-3.2.1.min.js"></script>
<script type="text/javascript" src="scripts/key.js"></script>
<script>$.ajax({
url: ' http://www.visitsingapore.com/api.listing.en.json',
type: 'GET',
beforeSend: function (xhr) {
xhr.setRequestHeader('email ID', '-------@gmail.com');
xhr.setRequestHeader('token ID', '-------');
},
data: {},
success: function (qwe12) {
var TrueResult2 = JSON.stringify(qwe12);
document.write(TrueResult2);
},
error: function () { },
});</script>