Content Security Policy is blocking content I need

Time: 2018-11-09 15:34:01

Tags: apache aws-lambda content-security-policy

I have the following header:

    headers['content-security-policy'] = [{
        key:   'Content-Security-Policy',
        value:  "default-src 'self' https://xxxxx.com/; font-src 'self' https://fonts.gstatic.com/; img-src 'self' data: https://www.google-analytics.com/ https://stats.g.doubleclick.net/; script-src 'self' https://www.googletagmanager.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com/ 'unsafe-inline' 'unsafe-eval'; object-src 'none'"
    }];

Then I tested my application, but content is being blocked.

I checked the Chrome console:

Refused to load the image 'https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-120141483-1&cid=1976094765.1541777205&jid=1662457520&_v=j71&z=121168835' because it violates the following Content Security Policy directive: "img-src 'self' data: https://www.google-analytics.com/ https://stats.g.doubleclick.net/".

loader.js:219 Refused to load the script 'https://www.gstatic.com/charts/45.2/loader.js' because it violates the following Content Security Policy directive: "script-src 'self' https://www.googletagmanager.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ 'unsafe-inline' 'unsafe-eval'".

What is wrong with the header? Do I need to change or add something?

I want to test with AWS Lambda or deploy with apache2.

Thank you very much.

0 answers:

No answers
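
Each console error above names the directive that blocked the request, and neither `https://www.google.com` nor `https://www.gstatic.com` appears in the posted `img-src` or `script-src` lists. The following is an added example, not part of the original question: a simplified source matcher (the helper names and any page origin passed to it are assumptions) that checks a URL against the posted policy and builds a version with those two hosts added.

```javascript
// Policy exactly as posted in the question.
const POSTED = "default-src 'self' https://xxxxx.com/; font-src 'self' https://fonts.gstatic.com/; " +
  "img-src 'self' data: https://www.google-analytics.com/ https://stats.g.doubleclick.net/; " +
  "script-src 'self' https://www.googletagmanager.com/ https://www.google-analytics.com/ " +
  "https://stats.g.doubleclick.net/ 'unsafe-inline' 'unsafe-eval'; " +
  "style-src 'self' https://fonts.googleapis.com/ 'unsafe-inline' 'unsafe-eval'; object-src 'none'";

// Parse "name src src; name src" into { name: [sources] }; the first occurrence of a directive wins.
function parseCsp(policy) {
  const out = {};
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name && !(name.toLowerCase() in out)) out[name.toLowerCase()] = sources;
  }
  return out;
}

// Simplified matching (assumption: ports, nonces, hashes and redirects are not handled).
function sourceMatches(source, url, pageOrigin) {
  if (source === "'self'") return url.origin === pageOrigin;
  if (source.startsWith("'")) return false; // 'none', 'unsafe-inline', 'unsafe-eval'
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return url.protocol === source.toLowerCase();
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/]+)(\/.*)?$/i.exec(source);
  if (!m) return false;
  const [, scheme, host, path] = m;
  if (scheme && url.protocol !== scheme.toLowerCase() + ':') return false;
  const hostOk = host.startsWith('*.')
    ? url.hostname.endsWith(host.slice(1)) : url.hostname === host.toLowerCase();
  if (!hostOk) return false;
  return !path || (path.endsWith('/') ? url.pathname.startsWith(path) : url.pathname === path);
}

// A fetch directive that is absent from the policy falls back to default-src.
function isAllowed(policy, directive, resource, pageOrigin) {
  const csp = parseCsp(policy);
  const sources = csp[directive] || csp['default-src'];
  if (!sources) return true; // no applicable directive: nothing is restricted
  return sources.some((s) => sourceMatches(s, new URL(resource), pageOrigin));
}

// Append one source to one directive, leaving the rest of the policy untouched.
function addSource(policy, directive, source) {
  return policy.split(';').map((p) =>
    p.trim().split(/\s+/)[0] === directive ? `${p.trim()} ${source}` : p.trim()).join('; ');
}

// Hosts taken from the two console errors in the question.
const FIXED = addSource(addSource(POSTED, 'img-src', 'https://www.google.com/'),
  'script-src', 'https://www.gstatic.com/');
```

`FIXED` can be used as the `value` of the header in the posted snippet; each host is added only to the directive named in its console error, so the other directives stay as narrow as before.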