Javascript 尝试使用EJS include时的内容安全策略指令
我有一个简单的ejs文件,如下所示:Javascript 尝试使用EJS include时的内容安全策略指令,javascript,node.js,ejs,Javascript,Node.js,Ejs,我有一个简单的ejs文件,如下所示: <!DOCTYPE html> <html> <head> <title>test</title> </head> <body> <% include ../../partials/nav.ejs %> <h1>Hello</h1> <h4><%= uid %></h4> </b
<!DOCTYPE html>
<html>
<head>
<title>test</title>
</head>
<body>
<% include ../../partials/nav.ejs %>
<h1>Hello</h1>
<h4><%= uid %></h4>
</body>
</html>
目前nav.ejs是一个空白文件
当我删除
行时,页面加载很好,URL中的uid被插入到
标记中。但是,只要我包含该行,我就会得到以下错误:
Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-o6wSC15InKzMdQsAjlOwalELkGSpN0I4/fzIfw2Ckvg='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.
然而,我并不真正理解这一点,因为我在nav.ejs或我的主ehs文件中都没有样式。没有脚本或类似的东西。这实际上只是一个空白的ejs文件,我正在尝试
有人能帮我吗?嘿,你有没有想过?
Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-o6wSC15InKzMdQsAjlOwalELkGSpN0I4/fzIfw2Ckvg='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.