Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
482 views
in Technique[技术] by (71.8m points)

javascript - How to set Content Security Policy in Windows Universal apps

I don't even know if that's what I need, but after several days of this MSDN Forum post with no answers at all I thought I'd give a shot in SO.

My problem: I have many Windows 8.1 and Windows Phone 8.1 HTML/Javascripts apps that have a little <script> sentence in the <head> of every html page. I started migrating my apps to Windows 10 as a single Universal Windows app but I get the following error:

CSP14312: Resource violated directive 'script-src ms-appx: data: 'unsafe-eval'' in Host Defined Policy: inline script. Resource will be blocked

and of course, nothing gets executed... am I missing anything?

edit: To repro just create a blank Windows Universal app with VS2015 RC and add

<script>
    console.log('hello');
</script>

right before the head tag closes

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

Rob has it right, by default you can't have inline script in ms-appx:/// protocol. This is the default protocol for an application and has a default CSP policy that doesn't allow inline script.

If you really wish to use inline script you can navigate to the content via ms-appx-web:/// protocol where there is no default CSP policy.

The one note is that you do not have access to some capabilities in this protocol.

The only difference I have beyond what Rob said is that you most likely want to set the Application Content URI Rule (ACUR) like this

<uap:ApplicationContentUriRules>
   <uap:Rule Type="include" Match ="ms-appx-web:///" WindowsRuntimeAccess="all"/>
</uap:ApplicationContentUriRules>

To navigate to your content you can set the StartPage in the manifest to ms-appx-web:///default.html


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...