问题
When I'm working with developing a website, I often would like to see how a specific feature would look on a website. So I go to the chrome developer tools and often run some javascript scripts.
I often find the issue that some scripts can not run because of the Content Security Policy (CSP), which I completely understand for purposes of protecting against cross site scripting.
QUESTION: Since I am testing features with the developers console on a page that is loaded for me on my browser client, I was wondering if there was a way to disable the CSP for that specific page after it has loaded? Possibly somewhere in the source code with inspect element, or in some settings part of the developer console.
回答1:
I can't necessarily vouch for the best way to do that, but there is a use at own risk extension available for disabling CSP: https://chrome.google.com/webstore/detail/disable-content-security/ieelmcmcagommplceebfedjlakkhpden?hl=en. A quick search on the chrome google group (https://groups.google.com/a/chromium.org/forum/#!topic/chromium-discuss/TZaaNTPOqt0) indicates that there is not a native way to do this using only the developer tools.
来源:https://stackoverflow.com/questions/43356214/disabling-content-security-policy