＆＃34; style-src＆＃39; self＆＃39; https://maxcdn.bootstrapcdn.com/bootstrap/&#34 ;. “不安全 - 内联”和“不安全”。关键字，哈希

Question

我在jenkins服务器上托管了一个网页。

我在最新的jenkins更新中看到了

所以我已经阅读了关于如何绕过这一限制的精彩post

我已将此<meta>添加到我的页面

但我一直在收到控制台错误：

拒绝应用内联样式，因为它违反了以下内容安全策略指令：＆＃34; style-src＆＃39; self＆＃39; https://maxcdn.bootstrapcdn.com/bootstrap/＆＃34 ;. “不安全 - 内联”和“不安全”。关键字，哈希（＆＃39; sha256-47DEQpj8HBSa + / TImW + 5JCeuQeRkm5NMpJWZG3hSuFU =＆＃39;）或nonce（＆＃39; nonce -...＆＃39;）是启用内联执行所必需的。

    <head>
<title>Bidi: unknown bl version vs. 1.0.487</title>
<meta content="text/html; charset=utf-8 ;" http-equiv="content-type">
<meta content="style-src 'self' https://maxcdn.bootstrapcdn.com/bootstrap/" http-equiv="Content-Security-Policy"><meta content="script-src 'self' https://maxcdn.bootstrapcdn.com/bootstrap/" http-equiv="Content-Security-Policy"><meta content="default-src 'self' https://maxcdn.bootstrapcdn.com/bootstrap/" http-equiv="Content-Security-Policy"><link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/css/bootstrap.min.css"><link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/css/bootstrap-theme.min.css"><script type="script" src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/js/bootstrap.min.js"></script><link rel="icon" href="/jenkins/view/QA/job/RoutingRegression/ws/src/main/resources/html_pages/images/favicon.png" type="image/gif" sizes="16x16"><link rel="stylesheet" href="/RoutingRegression/html_pages/css/delta_samples.css">
</head>

Answer 1

我认为你应该阅读fantastic post 我使用

完全放松了我的Jenkins配置

  

System.setProperty（＆＃34; hudson.model.DirectoryBrowserSupport.CSP＆＃34;，＆＃34;＆＃34;）

Answer 2

在元数据中添加“不安全内联”属性。

<meta content="style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com/bootstrap/" http-equiv="Content-Security-Policy">
<meta content="script-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com/bootstrap/" http-equiv="Content-Security-Policy">