【发布时间】:2021-11-16 20:25:52
【问题描述】:
我正在 facebook webview 中加载上传到 firebase 的 Angular 应用程序。被拒绝为 API 和视图构建错误。我也在 index.html 中添加了元标记。
错误:
HTML 渲染错误
[Report Only] Refused to frame 'https://yyyyyyy/' because it violates the following Content Security Policy directive: "frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com".
VM346 referer_frame.php:1 [Report Only] Refused to frame 'https://yyyyyyyy/' because it violates the following Content Security Policy directive: "frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com".
API 调用阻塞错误
zone-evergreen.js:2845 Refused to connect to 'https://xxxxxxxx' because it violates the following Content Security Policy directive: "default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval'". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback.
我在 index.html 中添加了以下元标记
元标记: API 网址:https://xxxxxx/ Firebase 网址:https://yyyyyy/
<meta http-equiv="Content-Security-Policy" content="frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com https://yyyyyy/ frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com">
<meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval' https://xxxxxx/">
感谢您的帮助:)
【问题讨论】:
标签: angular iframe content-security-policy facebook-iframe facebook-webhooks