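expressjs helmet csp issue with fonts
I have added the helmet functionality to set the CSP, but there is a problem with fonts. A simple example is below:
However, it loads all assets correctly, except for the fonts, which it complains about.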
sample.css
src: url("/assets/fonts/font.eot")
Example.com
app.use(csp({
  directives: {
    defaultSrc: ["'self'"],
    scriptSrc: ["'self'", "'unsafe-inline'"],
    styleSrc: ["'self'", "'unsafe-inline'"],
    imgSrc: ["'self'"],
    fontSrc: ["'self'", "'unsafe-inline'"],
    sandbox: ['allow-forms', 'allow-scripts'],
    reportUri: '/report-violation',
    objectSrc: [],
  },
  reportOnly: false,
  setAllHeaders: false,
  disableAndroid: false,
  browserSniff: true
}));
And in the browser, it gives me this error message for the fonts:
Font from origin 'http://localhost:3000' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access.
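Am I missing something about how fonts work within the browser?
In Express I have made sure that the public and assets files are set up correctly. (Everything from assets works fine.)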
app.use("/assets", express.static(__dirname + "/assets"));
app.use("/public", express.static(__dirname + "/public"));
What is '__dirname' in this case? – JoeKir
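Added example (not part of the original question or its comments): a small model of why only the font is blocked, based on two browser behaviours: a CSP `sandbox` directive without `allow-same-origin` gives the page an opaque origin that serializes as `null`, and `@font-face` loads are always CORS-mode fetches. The helper names `effectiveOrigin`, `loads` and `blockedKinds` and both sample policies are constructed for illustration.

```javascript
// Added example. Helper names and sample policies are constructed for illustration.

// Request mode per resource kind: @font-face loads are always CORS-mode,
// while plain <img>, <script> and <link rel="stylesheet"> loads are no-cors.
const REQUEST_MODE = { image: 'no-cors', script: 'no-cors', style: 'no-cors', font: 'cors' };

// Origin the document presents to the network. A CSP sandbox directive without
// allow-same-origin forces an opaque origin, which serializes as "null".
function effectiveOrigin(directives, pageOrigin) {
  const sandbox = directives.sandbox;
  const sandboxed = Array.isArray(sandbox);
  return sandboxed && !sandbox.includes('allow-same-origin') ? 'null' : pageOrigin;
}

// True when the browser would let the page use the resource. Assumes the URL
// already passes the CSP source-list check (the question's 'self' entries do).
function loads(kind, directives, pageOrigin, resourceOrigin, responseHeaders = {}) {
  if (REQUEST_MODE[kind] !== 'cors') return true; // no CORS check on no-cors loads
  const origin = effectiveOrigin(directives, pageOrigin);
  if (origin === resourceOrigin) return true; // same-origin fetch, no CORS check
  const acao = responseHeaders['access-control-allow-origin'];
  return acao === '*' || acao === origin;
}

// Resource kinds that fail for assets served from the page's own host.
function blockedKinds(directives, pageOrigin, responseHeaders = {}) {
  return Object.keys(REQUEST_MODE)
    .filter((kind) => !loads(kind, directives, pageOrigin, pageOrigin, responseHeaders));
}

const ORIGIN = 'http://localhost:3000';
// Constructed copy of the relevant directives from the question.
const questionPolicy = {
  defaultSrc: ["'self'"],
  fontSrc: ["'self'", "'unsafe-inline'"],
  sandbox: ['allow-forms', 'allow-scripts'],
};
// Same policy with the sandbox relaxed so the page keeps its real origin.
const relaxedPolicy = { ...questionPolicy, sandbox: [...questionPolicy.sandbox, 'allow-same-origin'] };

console.log(blockedKinds(questionPolicy, ORIGIN)); // [ 'font' ]
console.log(blockedKinds(relaxedPolicy, ORIGIN)); // []
console.log(blockedKinds(questionPolicy, ORIGIN, { 'access-control-allow-origin': '*' })); // []
```

Adding `'allow-same-origin'` restores the page's real origin and with it access to same-origin cookies and storage, which is the isolation the sandbox was providing. Sending `Access-Control-Allow-Origin` on the font responses keeps the sandbox as strict as it was.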