V2EX = way to explore
V2EX 是一个关于分享和探索的地方
Sign Up Now
For Existing Member Sign In
› NGINX
› NGINX Trac
› 3rd Party Modules
› Security Advisories
› CHANGES
› OpenResty
› ngx_lua
› Tengine
在线学习资源
› NGINX 开发从入门到精通
NGINX Modules
› ngx_echo
This topic created in 1766 days ago, the information mentioned may be changed or developed.
做了一个网页,用 HTML 标签写了一个返回上一页
<a href="javascript:history.go(-1);" class="button">返回</a>
结果 Chrome 提示了以下信息
Refused to run the JavaScript URL because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present. Note also that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
网站用 Nginx 配置了一个 CSP 规则,但是遇到这个问题不知道怎么改规则了,好像怎么改都不起作用,以下是 CSP 规则:
default-src 'self'; media-src https://abc.com; style-src 'self' 'unsafe-inline' https://abc.com; font-src 'self' data: https://abc.com;
找了一下资料也挺少的,唯一找到了一个 stackoverflow 的问题: https://stackoverflow.com/questions/63832626/why-cant-i-get-around-my-csp-blocking-my-javascript-code-in-nunjucks-when-i-use,但是没怎么看明白,大概意思可能是这种方式 CSP 还不支持直接配置,看样子是需要改代码。有知道的大佬吗?
No Comments Yet
Select Language