
Content Security Policy and Express.js problem

How to solve the Content Security Policy and Express.js problem

I ran into some trouble while working through an Express tutorial. Even though I have added a lot to the response headers, I still get Content Security Policy warnings. Here is my server code for more context:

const { MongoClient,ObjectID } = require("mongodb");
const Express = require("express")();
const Cors = require("cors");
const BodyParser = require("body-parser");
const { request } = require("express");
const csp = require("helmet-csp");

const client = new MongoClient(process.env["ATLAS_URI"]);

Express.use(BodyParser.json());
Express.use(BodyParser.urlencoded({ extended: true }));
Express.use(Cors());

Express.use(
    csp({
        directives: {
            defaultSrc: [`'unsafe-inline'`, `'self'`],
            scriptSrc: [`'self'`, `'unsafe-inline'`, `'unsafe-eval'`, `http://*`],
            styleSrc: [`'self'`],
            fontSrc: [`'self'`],
            frameSrc: [`'self'`],
            connectSrc: [`'self'`],
            imgSrc: [`'self'`],
            objectSrc: [`'self'`],
            reportUri: `/csp`
        },
        reportOnly: true,
    }),
);

var collection;

Express.listen("3000",async () => {
    try {
        await client.connect();
        collection = client.db("gamedev").collection("scores");
        collection.createIndex({ "location": "2dsphere" });
    } catch (e) {
        console.error(e);
    }
});

Express.post("/create",async (request,response) => {
   // create code
});

Express.get("/get", (request, response) => {
  // get code
});

Express.get("/getNearLocation", (request, response) => {
 // getNearLocation code
});

Basically, whenever I run this code and try to access it with a client program of my own, I get the following errors, even though I seem to have already set them in the helmet-csp code:

Content Security Policy: The page’s settings blocked the loading of a resource at http://localhost:3000/favicon.ico (“default-src”).
Content Security Policy: The page’s settings blocked the loading of a resource at inline (“default-src”).

Also, when I curl http://localhost:3000 I get a 200 OK response, but when I curl http://localhost:3000/get or any of the predefined Express routes I get a 404 error:

$ curl -I http://localhost:3000/
HTTP/1.1 200 OK
X-Powered-By: Express
Accept-Ranges: bytes
Content-Type: text/html; charset=UTF-8
Content-Length: 150
ETag: W/"96-tX0B7LKaOuUPvTVjHjbS+EAVlus"
Date: Tue,29 Sep 2020 00:27:53 GMT
Connection: keep-alive
$ curl -I http://localhost:3000/get
HTTP/1.1 404 Not Found
X-Powered-By: Express
Content-Security-Policy: default-src 'none'
X-Content-Type-Options: nosniff
Content-Type: text/html; charset=utf-8
Content-Length: 143
Date: Tue,29 Sep 2020 00:31:44 GMT
Connection: keep-alive

Any help or pairing would be greatly appreciated! :( My brain is slowly exploding
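Added example, not code from the question or from helmet-csp: a small model of how a browser picks the directive that governs a load (with the fallback to default-src that the console messages above name) and how a camelCase directives object like the one in the question is serialised into the header, so the questioner's policy can be compared with the `default-src 'none'` seen on the 404 response. The page origin and the policies are constructed from the values in the question.

```javascript
// Added example (not the questioner's code): model CSP directive resolution
// and helmet-csp-style header serialisation. Values are constructed from the
// question: the dev server origin and the two policies seen there.
const PAGE_ORIGIN = "http://localhost:3000";

// Turn {defaultSrc: [...], reportUri: "/csp"} into a header value.
function serializeCsp(directives) {
  return Object.entries(directives)
    .map(([key, val]) => {
      const name = key.replace(/[A-Z]/g, (c) => "-" + c.toLowerCase());
      return `${name} ${Array.isArray(val) ? val.join(" ") : val}`;
    })
    .join("; ");
}

// reportOnly: true only reports violations; it never blocks a load.
function cspHeaderName(reportOnly) {
  return reportOnly ? "Content-Security-Policy-Report-Only" : "Content-Security-Policy";
}

// Parse a header value back into {directive: [sources]}.
function parseCsp(value) {
  const policy = {};
  for (const part of value.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name) policy[name] = sources;
  }
  return policy;
}

// Decide whether loading `url` (or "inline") under `directive` is allowed and
// report which directive decided, as the browser console message does.
function checkLoad(policy, directive, url) {
  const governing = directive in policy ? directive : "default-src";
  const origin = url === "inline" ? null : new URL(url).origin;
  const allowed = (policy[governing] || []).some((src) => {
    if (src === "'none'") return false;
    if (src === "'unsafe-inline'") return origin === null;
    if (src === "'self'") return origin === PAGE_ORIGIN;
    if (src.endsWith("*")) return origin !== null && origin.startsWith(src.slice(0, -1));
    return origin === src;
  });
  return { allowed, governing };
}

// The question's policy allows a same-origin favicon via img-src; the
// `default-src 'none'` on the 404 response blocks it via default-src.
const questionPolicy = parseCsp(serializeCsp({
  defaultSrc: ["'unsafe-inline'", "'self'"], imgSrc: ["'self'"], reportUri: "/csp",
}));
const notFoundPolicy = parseCsp("default-src 'none'");
```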
