问题
I'm using Uploadcare to upload images and files in my application and am also using the browser-policy package for content security. I noticed recently that the camera upload feature was not working and couldn't figure out how to allow it.
Refused to load media from 'blob:http%3A//localhost%3A3000/e44633a7-227f-40e2-a3bd-9efd211f677d' because it violates the following Content Security Policy directive: "default-src 'self' (My Allowed Origins ...) ". Note that 'media-src' was not explicitly set, so 'default-src' is used as a fallback.
It seems the only way I've been able to get this to work is by using:
BrowserPolicy.content.allowOriginForAll('blob:');
Is there a better way? It looks like I'm getting an 'unsafe-eval' blob: warning using the current method. Things I've tried already:BrowserPolicy.content.allowDataUrlForAll();
BrowserPolicy.content.allowBlobDataUrl(); Not valid
BrowserPolicy.content.allowOriginForAll('blob:http://localhost3000*');
BrowserPolicy.content.allowOriginForAll('http://localhost3000*');
回答1:
We use this policy in our package:
BrowserPolicy.content.allowImageOrigin("blob:");
var constructedCsp = BrowserPolicy.content._constructCsp();
BrowserPolicy.content.setPolicy(constructedCsp +" media-src blob:;");
If you just want to plug and play it's here: https://github.com/smalljoys/meteor-uploadcare
来源:https://stackoverflow.com/questions/32600469/meteor-browser-policy-local-camera-not-allowed