拒绝执行内联脚本

Hunlongyu commented 1 year ago

vite.config.js

import { defineConfig } from 'vite';
import monkey from 'vite-plugin-monkey';
import eslintPlugin from 'vite-plugin-eslint';

// https://vitejs.dev/config/
export default defineConfig({
  plugins: [
    monkey({
      entry: 'src/main.js',
      userscript: {
        icon: 'https://vitejs.dev/logo.svg',
        namespace: 'npm/vite-plugin-monkey',
        match: ['*://github.com/*'],
        'run-at': 'document-end',
      },
    }),
    eslintPlugin(),
  ],
});

main.js

console.log('lala');

报错文字如下：

userscript.html?name=server%253Agithub.user.js&id=8a1c944e-1d66-47f8-8d2c-fb2eef8448a2:79 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' github.githubassets.com". Either the 'unsafe-inline' keyword, a hash ('sha256-m9WuhxCDjalzF2tBhg/f0YTfasIeLnFGhEK6+zp1IZw='), or a nonce ('nonce-...') is required to enable inline execution.

如果说 github 做了限制，那么其他脚本应该也无法正常运行。但我只是简单的加了一个 console.log 就无法运行，感觉是不是哪里出问题了。

lisonge commented 1 year ago

https://github.com/lisonge/vite-plugin-monkey#csp

lisonge commented 1 year ago

Hunlongyu commented 1 year ago

感谢已解决

lisonge / vite-plugin-monkey

拒绝执行内联脚本 #39