我正在构建一个带有单一spa的微前端web应用程序,并试图在我部署的站点上设置导入地图覆盖。
当尝试从localhost
加载微前端脚本时,我得到以下控制台错误script-load.js:86 Refused to load the script 'http://localhost:8085/whatever.js' because it violates the following Content Security Policy directive: "script-src 'unsafe-inline' 'unsafe-eval' https: localhost:*". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
我有以下Content-Security-Policy
在我的HTML:
meta http-equiv="Content-Security-Policy" content="default-src 'self' https: localhost:*; script-src 'unsafe-inline' 'unsafe-eval' https: localhost:*; connect-src https: localhost:* ws://localhost:*; style-src 'unsafe-inline' https:; object-src 'none';"
我的印象是script-src localhost:*
将允许用我在本地运行的脚本覆盖MFE脚本。
保持这样的导入映射,不要在
前面添加http<script type="systemjs-importmap">
{
"imports": {
"@dell/react1":"//localhost:8080/test-react1.js"
}
}
</script>