我有一个iframe,当用户登录LinkedIn时,他们的浏览器可以工作,但是当用户没有在他们的浏览器上登录LinkedIn时,我会收到以下错误,
Refused to display 'https://www.linkedin.com/uas/login?session_redirect=%2Foauth%2Fv2%2Flogin-success%3Fapp_id%3D3608601%26auth_type%3DAC%26flow%3D%257B%2522authorizationType%2522%253A%2522OAUTH2_AUTHORIZATION_CODE%2522%252C%2522authFlowName%2522%253A%2522default%2522%252C%2522appId%2522%253A3608601%252C%2522loginHint%2522%253Anull%252C%2522externalBindingKey%2522%253Anull%252C%2522currentSubStage%2522%253A0%252C%2522currentStage%2522%253A%2522LOGIN_SUCCESS%2522%252C%2522redirectUri%2522%253A%2522http%253A%252F%252F192.168.10...2%253Anull%252C%2522currentSubStage%2522%253A0%252C%2522currentStage%2522%253A%2522LOGIN_SUCCESS%2522%252C%2522redirectUri%2522%253A%2522http%253A%252F%252F192.168.10.10%252Fauth%252Fwidget%252Flinkedin%2522%252C%2522codeChallenge%2522%253Anull%252C%2522codeChallengeMethod%2522%253Anull%252C%2522flowHint%2522%253Anull%252C%2522creationTime%2522%253A1528495513789%252C%2522scope%2522%253A%2522r_basicprofile%2Br_emailaddress%2522%252C%2522state%2522%253A%25227Kk3N5zheQaOr3lC9yRZstUYehubbYjv3YpbNjoY%2522%257D' in a frame because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self'".
看起来这是违反内容安全政策指令的结果。我在我的html代码的标题中添加了一个元标记,它应该通过创建允许使用的白色网站列表来解决问题,但是我仍然得到相同的错误。不确定我做错了什么。
这是元标记。
<meta http-equiv="Content-Security-Policy: frame-ancestors 'https://www.linkedin.com'
" name="csrf-token" content="{{ csrf_token() }}" />