Closed jimixy closed 2 years ago
emmmm, Readme mention this Q: $i fail to import resources On some websites like GitHub, $i will fail to import resources. Console warning may be like follows:
Refused to load the stylesheet 'https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css' because it violates the following Content Security Policy directive: "style-src 'unsafe-inline' assets-cdn.github.com"
.
It is because of strict Content Security Policy of these websites. For more information, see Content Security Policy (CSP) wiki
Yeah, it's due to the CSP of the website itself.
https://github.com/pd4d10/console-importer/issues/3#issuecomment-966991301 mentioned a solution which use "Disable Content-Security-Policy" extension to disable it, but I think it may cause security issues.
Refused to load the script 'https://cdnjs.cloudflare.com/ajax/libs/lodash.js/4.17.11/lodash.min.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' .xitu.io .juejin.im .baidu.com .google-analytics.com .meiqia.com dn-growing.qbox.me .growingio.com .guard.qcloud.com .gtimg.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.