更新时间:2022-10-19 18:51:37
看起来这可能是Modernizr不与网站Content-Security-Policy相处。在我看来,你不是唯一一个遇到这个问题的人:
Modernizr导致内容安全策略(CSP)违规错误·问题#1450·Modernizr / Modernizr·GitHub [ ^ ]
可能的解决方法
内容安全政策限制由termi解决方案·Pull Request#1263·Modernizr / Modernizr·GitHub [ ^ ]
更多关于CSP
内容安全策略(CSP) - HTTP | MDN [ ^ ]
Quote:'unsafe-inline'关键字,一个哈希值(
'sha256-4Su6mBWzEIFnH4pAGMOuaeBrstwJN4Z3pq / s1Kn4 / KQ ='
)或nonce('nonce -...')是启用内联执行所必需的。
您添加到CSP的两个哈希值都不符合您尝试加载的内联< style>
内容。
为内联样式表生成一个哈希值,并将其添加到您的CSP中。
报告URI:CSP哈希生成器 [ ^ ]
I am getting the below error while running the application
Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self' https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-5uIP+HBVRu0WW8ep6d6+YVfhgkl0AcIabZrBS5JJAzs='". Either the 'unsafe-inline' keyword, a hash ('sha256-4Su6mBWzEIFnH4pAGMOuaeBrstwJN4Z3pq/s1Kn4/KQ='), or a nonce ('nonce-...') is required to enable inline execution.
Below is the code currently I am using
What I have tried:
const string modernizrHash1 = "sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU="; const string modernizrHash2 = "sha256-5uIP+HBVRu0WW8ep6d6+YVfhgkl0AcIabZrBS5JJAzs="; app.UseCsp(options => options .DefaultSources(s => s.Self()) .ScriptSources(s => s.Self().CustomSources("https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/")) .StyleSources(s => s.Self().CustomSources("https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/", modernizrHash1, modernizrHash2)) .FontSources(s => s.Self().CustomSources("https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/")) .ImageSources(s => s.Self().CustomSources("data:")) );
It looks like this may be Modernizr not getting along with the sites Content-Security-Policy. Seems to me that you are not the only one experiencing this:
Modernizr Causes Content Security Policy (CSP) Violation Errors · Issue #1450 · Modernizr/Modernizr · GitHub[^]
Possible workaround
Content Security Policy restrictions workaround by termi · Pull Request #1263 · Modernizr/Modernizr · GitHub[^]
More on CSP
Content Security Policy (CSP) - HTTP | MDN[^]
Quote:Either the 'unsafe-inline' keyword, a hash (
'sha256-4Su6mBWzEIFnH4pAGMOuaeBrstwJN4Z3pq/s1Kn4/KQ='
), or a nonce ('nonce-...') is required to enable inline execution.
Neither of the two hashes you've added to your CSP match the inline<style>
content you're trying to load.
Generate a hash for the inline stylesheet, and add it to your CSP.
Report URI: CSP Hash Generator[^]