Refused to load the script ‘xxxx.js‘ because it violates the following Content Security Policy …

本文介绍: Refused t o load t he script ‘https://unpkg.com/xxxx.js‘ because i t v iola t es t he follo win g Con tent Sec urity Po li cy directive: “sc ript-src ‘self‘ ‘uns a fe-eval‘ ‘uns a fe–inline‘ data:”. Note that ‘sc ript-src–el em‘ was not ex pli citly set, so ‘sc r ipt-src‘ is used

在使用Elect r on 封装一些模块的时候，出现以下错误：

Refused to loa d the s c r ipt ‘https://unpkg.com/xxxx.js’ because it v iolates the follo win g Content Sec urity Poli cy directive: “s cript-src ‘self’ ‘unsafe-eval’ ‘unsafe-inline’ data:”. Note that ‘script-src–el em’ was not ex pli citly set, so ‘script-src’ is used as a fallb ack.

这是由于Electron为了防止出现XSS攻击，阻止了该网站资源的加载，我们设置允许加载即可。

例如，我们当前被禁止的xxxx.js来自https://unpkg.com那么我们可以在electron 程序的主进程中添加如下代码段

app.on('ready', () =&gt; {
  createWindow()
  session.defaultSession.webRequest.onHeadersReceived((details: Electron.OnHeadersReceivedListenerDetails, callback: (headersReceivedResponse: Electron.HeadersReceivedResponse) =&gt; void) =&gt; {
    callback({
      responseHeaders: {
        ...details.responseHeaders,
        'Content-Security-Policy': ['default-src 'self' 'unsafe-inline' 'unsafe-eval'  https://unpkg.com'] // 注意这里的https://unpkg.com
      }
    })
  })
});