blob: c5a5445d484f556012ea8994691afbc4a9984a1b (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
|
@ngdoc error
@name $sce:isecrurl
@fullName Blocked loading an untrusted resource
@description
AngularJS' {@link api/ng.$sce#strictcontextualescaping Strict Contextual Escaping
(SCE)} mode (enabled by default) has blocked loading a resource from an insecure URL.
Typically, this would occur if you're attempting to load an Angular template from a different
domain. It's also possible that a custom directive threw this error for a similar reason.
Angular only loads templates from trusted URLs (by calling {@link api/ng.$sce#getTrustedResourceUrl
$sce.getTrustedResourceUrl} on the template URL.).
By default, only URLs to the same domain with the same protocol as the application document are
considered to be trusted.
The {@link api/ng.directive:ngInclude ng-include} directive and {@link guide/directive directives}
that specify a `templateUrl` require a trusted resource URL.
To load templates from other domains and/or protocols, either adjust the {@link
api/ng.$sceDelegateProvider#resourceUrlWhitelist whitelist}/ {@link
api/ng.$sceDelegateProvider#resourceUrlBlacklist blacklist} or wrap the URL with a call to {@link
api/ng.$sce#trustAsResourceUrl $sce.trustAsResourceUrl}.
**Note**: The browser's {@link
https://code.google.com/p/browsersec/wiki/Part2#Same-origin_policy_for_XMLHttpRequest Same Origin
Policy} and {@link http://www.w3.org/TR/cors/ Cross-Origin Resource Sharing (CORS)} policy apply
that may further restrict whether the template is successfully loaded. (e.g. neither cross-domain
requests won't work on all browsers nor `file://` requests on some browsers)
|
