Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

csp 问题 #1937

Closed
3 tasks done
hrmj008 opened this issue May 22, 2024 · 3 comments
Closed
3 tasks done

csp 问题 #1937

hrmj008 opened this issue May 22, 2024 · 3 comments
Labels
compatibility 浏览器或其他兼容性问题 FAQ 常见问题

Comments

@hrmj008
Copy link

hrmj008 commented May 22, 2024

议题条件

  • 我确认已查看官方使用文档:https://layui.dev ,但没有找到相关解决方案。
  • 我确认已在 Issues 中搜索过类似的问题,但没有找到相关解决方案。
  • 我已仔细阅读: 🍀 Layui Issue 贡献指南

议题类型

功能请求

使用版本

2.9.10

问题描述

启用了 CSP

Content-Security-Policy: default-src 'self';


在调用

layui.use(function () {    
        var layer = layui.layer;
        var layerIndex = layer.load(2)
    })

和jquery 4.0 后
由于 layui 生成了inline css
Screenshot 2024-05-22 at 17 03 20
浏览器会报错
Screenshot 2024-05-22 at 17 15 36

急需layui 支持csp

业务代码

layui.use(function () {    
        var layer = layui.layer;
        var layerIndex = layer.load(2)
    })



### 截图补充

![Screenshot 2024-05-22 at 17 15 36](https://github.com/layui/layui/assets/152969695/ec38d008-05d8-4215-9dcd-70132bcc2970)
![Screenshot 2024-05-22 at 17 03 20](https://github.com/layui/layui/assets/152969695/d22df802-9910-4dc6-bcbb-03533af37cda)


### 浏览器

Chrome

### 演示地址

_No response_

### 友好承诺

- [X] 我承诺将本着相互尊重、理解和友善的态度进行交流,共同维护 Layui 良好的社区氛围。 <!-- layui-issue-template 请务必严格遵循模板规范 -->
@sentsim sentsim added the compatibility 浏览器或其他兼容性问题 label May 22, 2024
@sentsim
Copy link
Collaborator

sentsim commented May 22, 2024

参考:#1176

@Sight-wcg Sight-wcg added the FAQ 常见问题 label May 22, 2024
@hrmj008
Copy link
Author

hrmj008 commented May 23, 2024

@sentsim 这个不是 eval 的问题,这个是inline css的问题

@sentsim
Copy link
Collaborator

sentsim commented Jun 18, 2024
edited
Loading

很难避免不使用内联样式的,建议把 default-src 改成 script-src 即不加载陌生脚本文件即可。也可以追加 frame-src,其他限制我认为没有太大必要。

@sentsim sentsim closed this as completed Jun 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
compatibility 浏览器或其他兼容性问题 FAQ 常见问题
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@sentsim @Sight-wcg @hrmj008