Refused to connect to ' http://www.xxx.com/xxx/mobeil/base/ashx ' because it violates the following Content security Policy directive: "Default-src ' self ' data:gap:https://ssl.gstatic.com ' unsafe-eval '". Note which ' CONNECT-SRC ' was not explicitly set and so ' default-src ' is used as a fallback.
The error content means:
Refuses to connect to the URL of your specified request because it violates the content security policy instruction DEFAULT-SRC settings
In the error message, it has been said to violate the content Security policy directive,
Because there is no corresponding part in the content security policy, the DEFAULT-SRC instruction is used by default, and the DEFAULT-SRC instruction does not set the request URL setting we are sending, thus denying access.
If you want to set the Allow request data, you need to set the Content-security-policy connect-src *, meaning you can request to any URL, as follows:
<meta http-equiv= "Content-security-policy" content= "default-src ' self ' data:gap:https://ssl.gstatic.com '" Unsafe-eval '; Style-src ' self ' ' unsafe-inline '; MEDIA-SRC *; Img-src ' self ' data:content:; CONNECT-SRC *; " >
If the CONNECT-SRC directive is configured, the default instruction default-src is not used.
For other white list questions, you can leave a message.