Question

<add name="Content-Security-Policy" value="default-src 'self' '*';
               script-src 'self' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://use.fontawesome.com; 
               style-src 'self' https://tagmanager.google.com/ https://fonts.googleapis.com/ https://use.fontawesome.com;
               img-src 'self'  https://ssl.gstatic.com/;
               font-src 'self' https://use.fontawesome.com"/>

上面是我曾经在网站上使用过的CSP，但不适用于我。

任何一次都可以帮忙吗

its showing lot of errors in console

Answer 1

听起来您的标题格式不正确。脚本和样式资源被阻止，因为您没有启用不安全的内联代码。

您是否尝试为script-src和style-src指定'unsafe-inline'？

   <httpProtocol>
            <customHeaders>
                <add name="Content-Security-Policy" value="script-src 'self' 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://use.fontawesome.com;style-src 'self' 'unsafe-inline' https://tagmanager.google.com/ https://fonts.googleapis.com/ https://use.fontawesome.com;img-src 'self' https://ssl.gstatic.com/; font-src 'self' https://use.fontawesome.com;" />
            </customHeaders>
        </httpProtocol>

IIS标头中的内容安全策略

1 个答案: