通过 Firebase Robo 测试的 Google 控制台显示异常。
Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src https://abs.twimg.com https://abs-0.twimg.com https://twitter.com https://mobile.twitter.com"
但在 WebView 设置中启用了 JS。
WebSettings settings = webview.getSettings();
settings.setJavaScriptEnabled(true);
webview.setWebChromeClient(new WebChromeClient());
settings.setSupportMultipleWindows(true);
settings.setDomStorageEnabled(true);
如果放在标题中,则相同的异常
headers.put("Content-Security-Policy", "script-src 'self' 'unsafe-inline' 'unsafe-eval'");