尝试加载MapBox时收到错误信息
mapboxgl.accessToken = 'xxxxxxxx';
var map = new mapboxgl.Map({
container: 'map', // container ID
style: 'mapbox://styles/mapbox/streets-v11', // style URL
});
doctype html
html
head
block head
meta(charset='UTF-8')
meta(name='viewport' content='width=device-width, initial-scale=1.0')
link(rel='stylesheet' href='/css/style.css')
link(rel='shortcut icon', type='/image/png' href='/ img/favicon.png')
link(rel='stylesheet', href='https://fonts. googleapis.com/css?family=Lato:300,300i,700')
title Natours | #{title}
body
//- HEADER
include _header
//- CONTENT
block content
h1 this is a placeholder heading
//- FOOTER
include _footer
script(src='/javascript/mapbox.js')
拒绝加载脚本‘https://api.mapbox.com/mapbox-gl-js/v2.1.1/mapbox-gl.js’,因为它违反了以下内容安全策略指令:&script-src‘self’";。请注意,未显式设置‘script-src-elem’,因此将‘script-src’用作备用。
解决方案
我今天遇到了这个问题。我知道你现在可能已经有人接了。但下面仍然是你的答案:信用东林-
https://www.udemy.com/course/nodejs-express-mongodb-bootcamp/learn/lecture/15065656#questions/12020720
发送CSP标头以允许从Mapbox加载脚本。示例如下:exports.getTour = catchAsync(async (req, res, next) => {
const tour = await Tour.findOne({ slug: req.params.slug }).populate({
path: 'reviews',
fields: 'review rating user'
});
res
.status(200)
.set(
'Content-Security-Policy',
"default-src 'self' https://*.mapbox.com ;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src https://cdnjs.cloudflare.com https://api.mapbox.com 'self' blob: ;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests;"
)
.render('tour', {
title: `${tour.title} Tour`,
tour
});
});
相关文章