我添加了头盔功能来设置 CPS,但是字体存在问题。一个简单的例子如下:
但是,它会正确加载所有资产,但它抱怨的字体除外。
示例.css
src: url("/assets/fonts/font.eot")
Example.com
app.use(csp({
directives: {
defaultSrc: ["'self'"],
scriptSrc: ["'self'", "'unsafe-inline'"],
styleSrc: ["'self'", "'unsafe-inline'"],
imgSrc: ["'self'"],
fontSrc: ["'self'", "'unsafe-inline'"],
sandbox: ['allow-forms', 'allow-scripts'],
reportUri: '/report-violation',
objectSrc: [],
},
reportOnly: false,
setAllHeaders: false,
disableAndroid: false,
browserSniff: true
}));
在浏览器中它给了我这个字体的错误信息
Font from origin 'http://localhost:3000' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access.
我是否缺少使字体在浏览器中工作的东西?
在快递中,我确保正确设置公共和资产文件。(资产中的一切工作正常)。
app.use("/assets", express.static(__dirname + "/assets"));
app.use("/public", express.static(__dirname + "/public"));