我有以下标题:
headers['content-security-policy'] = [{
key: 'Content-Security-Policy',
value: "default-src 'self' https://xxxxx.com/; font-src 'self' https://fonts.gstatic.com/; img-src 'self' data: https://www.google-analytics.com/ https://stats.g.doubleclick.net/; script-src 'self' https://www.googletagmanager.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com/ 'unsafe-inline' 'unsafe-eval'; object-src 'none'"
}];
然后我正在测试我的应用程序,但是内容被阻止了:
我在控制台中检查了chrome:
Refused to load the image 'https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-120141483-1&cid=1976094765.1541777205&jid=1662457520&_v=j71&z=121168835' because it violates the following Content Security Policy directive: "img-src 'self' data: https://www.google-analytics.com/ https://stats.g.doubleclick.net/".
loader.js:219 Refused to load the script 'https://www.gstatic.com/charts/45.2/loader.js' because it violates the following Content Security Policy directive: "script-src 'self' https://www.googletagmanager.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ 'unsafe-inline' 'unsafe-eval'".
标题栏有什么问题,我需要更改或添加一些内容吗?
我想用amb的lambada进行测试或使用apache2进行部署
非常感谢