【发布时间】:2015-07-11 07:36:14
【问题描述】:
我尝试了多种加载谷歌地图和firebaseio的方法,但均未成功: 这就是我现在拥有的:
<meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com;
script-src 'self' https://maps.googleapis.com/* 'unsafe-inline' 'unsafe-eval';
style-src 'self' 'unsafe-inline';">
我得到:
Refused to load the script 'https://maps.googleapis.com/maps/api/js?libraries=places' because it violates the following Content Security Policy directive: "script-src 'self' https://maps.googleapis.com/* 'unsafe-inline' 'unsafe-eval'".
Refused to load the script 'https://test.firebaseio.com/.lp?start=t&ser=79549912&cb=1&v=5' because it violates the following Content Security Policy directive: "script-src 'self' https://maps.googleapis.com/* 'unsafe-inline' 'unsafe-eval'".
任何想法我做错了什么?
【问题讨论】:
-
试过
'https://maps.googleapis.com/*'而不是https://maps.googleapis.com/* -
@Sushant,不。我得到
The source list for Content Security Policy directive 'script-src' contains an invalid source: ''https://maps.googleapis.com/*''. It will be ignored. -
fwiw scheme://host/* 不是有效的 CSP 模式。
https://maps.googleapis.com是你想要完成的。
标签: javascript google-maps firebase phonegap-plugins content-security-policy