我正试图将jquery和css文件添加到我的.cs.html文件中,但我遇到了内容安全策略错误。
我已经尝试过添加<meta http-equiv="Content-Security-Policy" content="default-src 'self' *.aspnetcdn.com/">之类的东西,但它不起作用。
以下是我得到的错误
这是.cshtml文件:
@using Genesis.SharedLibrary.ViewModels.Genesis.ALG
@inject Genesis.Application.Services.Commons.IGenericServices _genericServices;
@{
var staticFileVersion = _genericServices.GetAppSettingValue("OtherSettings", "StaticFileVersion");
}
@model List<TravelRequestAdminViewModel>
<body>
@* DATA TABLE WITH SEVEN COLUMNS AND MANY ROWS *@
</body>
<link rel="stylesheet" type="text/css" href="https://cdn.datatables.net/1.10.20/css/jquery.dataTables.min.css" />
<link rel="stylesheet" type="text/css" href="http://ajax.aspnetcdn.com/ajax/jquery.dataTables/1.9.4/css/jquery.dataTables.css" />
<script type="text/javascript" src="~/lib/jquery/dist/jquery.min.js"></script>
<script type="text/javascript" src="https://cdn.datatables.net/1.10.20/js/jquery.dataTables.min.js"></script>
<script type="text/javascript" src="https://code.jquery.com/jquery-3.3.1.js"></script>
<script src="~/shared/js/Views/travelRequestAdminScript.js?v=@staticFileVersion"></script>
您需要放宽远程脚本的默认策略
<meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://code.jquery.com 'unsafe-eval'; style-src 'self' 'unsafe-inline'; script-src 'self' https://example.com/ 'unsafe-inline' 'unsafe-eval'; media-src *">
参考:
https://developer.chrome.com/extensions/contentSecurityPolicy#relaxing