我正在尝试使用spring安全性,通过以下spring-security-config.xml添加Content-Security-Policy
<beans:beans
xmlns="http://www.springframework.org/schema/security"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<security:http auto-config="true">
<security:intercept-url
pattern="/ResetPassword**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<headers defaults-disabled="true">
<content-type-options />
<hsts include-subdomains="true" max-age-seconds="31536000" />
<content-security-policy
policy-directives="script-src 'self'
https://trustedscripts.example.com; object-src
https://trustedplugins.example.com; report-uri /csp-report-endpoint/"
report-only="true" />
</headers>
</security:http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="abc" authorities="IS_AUTHENTICATED_ANONYMOUSLY" />
</user-service>
</authentication-provider>
</authentication-manager>
我收到以下错误: 由以下原因引起:org.xml.sax.SAXParseException; lineNumber:19; columnNumber:26; cvc-complex-type.2.4.a:发现无效的内容(从元素“ content-security-policy”开始)。 “ {” {http://www.springframework.org/schema/security”:缓存控制,“ http://www.springframework.org/schema/security”:xss保护,“ http://www.springframework.org/schema/security”:hsts,“ http://www.springframework.org/schema/security”:frame-options之一, “ http://www.springframework.org/schema/security”:内容类型选项,“ http://www.springframework.org/schema/security”:标题}。 com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.createSAXParseException(未知来源)