Javascript 尝试使用EJS include时的内容安全策略指令_Javascript_Node.js_Ejs

Javascript 尝试使用EJS include时的内容安全策略指令

javascript node.js

Javascript 尝试使用EJS include时的内容安全策略指令,javascript,node.js,ejs,Javascript,Node.js,Ejs,我有一个简单的ejs文件，如下所示： <!DOCTYPE html> <html> <head> <title>test</title> </head> <body> <% include ../../partials/nav.ejs %> <h1>Hello</h1> <h4><%= uid %></h4> </b

我有一个简单的ejs文件，如下所示：

<!DOCTYPE html>

<html>

<head>
    <title>test</title>

</head>


<body>
<% include ../../partials/nav.ejs %>

<h1>Hello</h1>
<h4><%= uid %></h4>
</body>
</html>

目前nav.ejs是一个空白文件

当我删除

行时，页面加载很好，URL中的uid被插入到

标记中。但是，只要我包含该行，我就会得到以下错误：

Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-o6wSC15InKzMdQsAjlOwalELkGSpN0I4/fzIfw2Ckvg='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.

然而，我并不真正理解这一点，因为我在nav.ejs或我的主ehs文件中都没有样式。没有脚本或类似的东西。这实际上只是一个空白的ejs文件，我正在尝试

有人能帮我吗？

嘿，你有没有想过？

Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-o6wSC15InKzMdQsAjlOwalELkGSpN0I4/fzIfw2Ckvg='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.