我在自己的网站上实现了Content Security Policy。以下是我收到的CSP报告的一部分。
Imports Microsoft.Reporting.WinForms
Public Class meberwisepayment
Private Sub meberwisepayment_Load(sender As Object, e As EventArgs) Handles MyBase.Load
End Sub
Private Sub find_Click(sender As Object, e As EventArgs) Handles find.Click
Me.mpaymentTableAdapter.Fill(Me.eksath1DataSet.mpayment, fromdate.Text, todate.Text)
Me.ReportViewer1.RefreshReport()
End Sub
End Class
该报告指向我标头中的prefetch标签。
{
"csp-report": {
"blocked-uri": "https://res.cloudinary.com",
"document-uri": "https://example.in/",
"original-policy": "default-src https://example.in; img-src https://example.in https://res.cloudinary.com; script-src https://example.in https://apis.google.com https://www.google-analytics.com; report-uri https://example.in/csp-report",
"referrer": "",
"violated-directive": "default-src"
}
}
我在img-src指令下白名单了“ https://res.cloudinary.com”。
它仍然被阻止。我不确定为什么。
这是实际的标题
<link rel="prefetch" href="https://res.cloudinary.com/example/image/upload/example.png">