Getting "Refused to apply inline style because it violates the following Content Security Policy" error

Updated: 2022-10-19 18:51:37

I am getting the below error while running the application

Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self' https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-5uIP+HBVRu0WW8ep6d6+YVfhgkl0AcIabZrBS5JJAzs='". Either the 'unsafe-inline' keyword, a hash ('sha256-4Su6mBWzEIFnH4pAGMOuaeBrstwJN4Z3pq/s1Kn4/KQ='), or a nonce ('nonce-...') is required to enable inline execution.

Below is the code I am currently using

What I have tried:

const string modernizrHash1 = "sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=";
const string modernizrHash2 = "sha256-5uIP+HBVRu0WW8ep6d6+YVfhgkl0AcIabZrBS5JJAzs=";
app.UseCsp(options => options
    .DefaultSources(s => s.Self())
    .ScriptSources(s => s.Self().CustomSources("https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/"))
    .StyleSources(s => s.Self().CustomSources("https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/", modernizrHash1, modernizrHash2))
    .FontSources(s => s.Self().CustomSources("https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/"))
    .ImageSources(s => s.Self().CustomSources("data:"))
);

It looks like this may be Modernizr not getting along with the site's Content-Security-Policy. Seems to me that you are not the only one experiencing this:

Modernizr Causes Content Security Policy (CSP) Violation Errors · Issue #1450 · Modernizr/Modernizr · GitHub

Possible workaround
Content Security Policy restrictions workaround by termi · Pull Request #1263 · Modernizr/Modernizr · GitHub

More on CSP
Content Security Policy (CSP) - HTTP | MDN


Quote:

Either the 'unsafe-inline' keyword, a hash ('sha256-4Su6mBWzEIFnH4pAGMOuaeBrstwJN4Z3pq/s1Kn4/KQ='), or a nonce ('nonce-...') is required to enable inline execution.


Neither of the two hashes you've added to your CSP matches the inline <style> content you're trying to load.

Generate a hash for the inline stylesheet, and add it to your CSP.

Report URI: CSP Hash Generator
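
The hash check the last answer describes, as an added Node.js example that is not part of the original thread: it hashes each inline `<style>` block and compares it with the hash sources in the `style-src` directive from the error message. The sample HTML and the function names are constructed for illustration. Note that the first hash in the question's policy is the SHA-256 of an empty string, so it only ever matches an empty `<style>` element.

```javascript
// Added example: constructed inputs, not the asker's real page.
const { createHash } = require('node:crypto');

// CSP hash source for inline content: base64 SHA-256 of the exact text
// between <style> and </style>, whitespace included.
function cspHash(content) {
  const digest = createHash('sha256').update(content, 'utf8').digest('base64');
  return `sha256-${digest}`;
}

// Pull the quoted hash sources out of one directive of a policy string.
function allowedHashes(policy, directive) {
  const entry = policy.split(';').map(d => d.trim().split(/\s+/))
    .find(tokens => tokens[0] === directive);
  if (!entry) return new Set();
  return new Set(entry.slice(1)
    .filter(t => /^'sha(256|384|512)-[A-Za-z0-9+/_-]+={0,2}'$/.test(t))
    .map(t => t.slice(1, -1)));
}

// Hash every inline <style> block and report whether the policy covers it.
function auditInlineStyles(html, policy) {
  const allowed = allowedHashes(policy, 'style-src');
  const blocks = [...html.matchAll(/<style\b[^>]*>([\s\S]*?)<\/style>/gi)];
  return blocks.map(m => {
    const hash = cspHash(m[1]);
    return { content: m[1], hash, allowed: allowed.has(hash) };
  });
}

// style-src directive copied from the error message on this page.
const POLICY = "style-src 'self' https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ " +
  "'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' " +
  "'sha256-5uIP+HBVRu0WW8ep6d6+YVfhgkl0AcIabZrBS5JJAzs='";

// Constructed sample page (hypothetical markup): an empty block, a rule,
// and the same rule with one trailing space.
const SAMPLE_HTML = '<html><head><style></style>' +
  '<style>#probe{position:absolute}</style>' +
  '<style>#probe{position:absolute} </style></head></html>';

for (const r of auditInlineStyles(SAMPLE_HTML, POLICY)) {
  console.log(r.allowed ? 'allowed' : 'BLOCKED', r.hash, JSON.stringify(r.content));
}
```

Any hash reported as BLOCKED is the value that has to be added to `style-src` for that exact block; a single changed character, including whitespace, produces a different hash.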