
javascript - phonegap + ionic using Content-Security-Policy to load maps.googleapis.com, how to? - Stack Overflow


i have tried many ways of loading google maps and firebaseio without success: this is what i have now:

<meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com;
  script-src 'self' https://maps.googleapis.com/* 'unsafe-inline' 'unsafe-eval';
  style-src 'self' 'unsafe-inline';">

and i get:

Refused to load the script 'https://maps.googleapis.com/maps/api/js?libraries=places' because it violates the following Content Security Policy directive: "script-src 'self' https://maps.googleapis.com/* 'unsafe-inline' 'unsafe-eval'".

Refused to load the script 'https://test.firebaseio.com/.lp?start=t&ser=79549912&cb=1&v=5' because it violates the following Content Security Policy directive: "script-src 'self' https://maps.googleapis.com/* 'unsafe-inline' 'unsafe-eval'".

any ideas what am i doing wrong?

i have tried many ways of loading google maps and firebaseio without success: this is what i have now:

<meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com;
  script-src 'self' https://maps.googleapis.com/* 'unsafe-inline' 'unsafe-eval';
  style-src 'self' 'unsafe-inline';">

and i get:

Refused to load the script 'https://maps.googleapis.com/maps/api/js?libraries=places' because it violates the following Content Security Policy directive: "script-src 'self' https://maps.googleapis.com/* 'unsafe-inline' 'unsafe-eval'".

Refused to load the script 'https://test.firebaseio.com/.lp?start=t&ser=79549912&cb=1&v=5' because it violates the following Content Security Policy directive: "script-src 'self' https://maps.googleapis.com/* 'unsafe-inline' 'unsafe-eval'".

any ideas what am i doing wrong?

asked Jul 11, 2015 at 7:36 by Patrioticcow
  • tried 'https://maps.googleapis.com/*' rather than https://maps.googleapis.com/* – Sushant Commented Jul 11, 2015 at 7:38
  • @Sushant, nope. i get The source list for Content Security Policy directive 'script-src' contains an invalid source: ''https://maps.googleapis.com/*''. It will be ignored. – Patrioticcow Commented Jul 11, 2015 at 7:42
  • fwiw scheme://host/* isn't a valid CSP pattern. https://maps.googleapis.com is what you're trying to accomplish. – oreoshake Commented Sep 3, 2015 at 18:36

2 Answers 2


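this did the trick :)

why it works: `*` in a CSP source is a wildcard only in the host (leftmost label) or port position, never in the path, so `https://maps.googleapis.com/*` never matched `/maps/api/js`; the entry has to be the bare origin `https://maps.googleapis.com` (or `https://*.googleapis.com` as below). the firebase script was blocked because no firebaseio.com host was listed in script-src at all.

note that the policy below allows far more than those two services need: `default-src *` lets every directive that is not listed reach any host, `'unsafe-inline'` and `'unsafe-eval'` let injected markup run as script (the main thing CSP is there to stop), and the `http://` entries accept script over an unencrypted connection. for a release build, keep only the `https://` hosts the app actually loads (the violation messages name them, here `https://maps.googleapis.com` and `https://test.firebaseio.com`) and drop the `http://` and `'unsafe-*'` entries wherever the app still works without them.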

<meta http-equiv="Content-Security-Policy"
          content="default-src *;
               script-src 'self' 'unsafe-inline' 'unsafe-eval'
                           127.0.0.1:*
                           http://*.google.com
                           http://*.gstatic.com
                           http://*.googleapis.com
                           http://*.firebaseio.com
                           https://*.google.com
                           https://*.gstatic.com
                           https://*.googleapis.com
                           https://*.firebaseio.com
                           ;
               style-src  'self' 'unsafe-inline'
                          127.0.0.1
                           http://*.google.com
                           http://*.gstatic.com
                           http://*.googleapis.com
                           http://*.firebaseio.com
                           https://*.google.com
                           https://*.gstatic.com
                           https://*.googleapis.com
                           https://*.firebaseio.com
">

and the google script <script src="https://maps-api-ssl.google.com/maps/api/js?libraries=places"></script>

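for development without any restrictions use the following; it switches off CSP's script protections entirely, so keep it to local debugging and out of release builds: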

<meta http-equiv="Content-Security-Policy" 
      content="default-src * 'unsafe-eval' 'unsafe-inline'">
