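I always get a Miss from CloudFront. Here are my headers. The header size is 12KB because of the large Content-Security-Policy entry. Can anyone help solve this problem?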
HTTP/2 200
content-type: text/html; charset=utf-8
date: Mon, 29 Apr 2019 07:44:55 GMT
server: nginx/1.15.9
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: default-src 'self' http://*.facebook.com https://*.facebook.com http://*.fbcdn.net https://*.fbcdn.net http://connect.facebook.net https://connect.facebook.net http://*.googleusercontent.com https://*.googleusercontent.com http://*.cdninstagram.com https://*.cdninstagram.com http://assets.reactioncommerce.com https://assets.reactioncommerce.com http://cdnjs.cloudflare.com https://cdnjs.cloudflare.com http://fonts.googleapis.com https://fonts.googleapis.com http://fonts.gstatic.com https://fonts.gstatic.com http://enginex.kadira.io https://enginex.kadira.io http://*.asort.com https://*.asort.com http://*.amazonaws.com https://*.amazonaws.com http://*.rtschannel.com https://*.rtschannel.com http://*.freshchat.com https://*.freshchat.com http://*.google.com https://*.google.com http://*.google.co.in https://*.google.co.in http://*.google-analytics.com https://*.google-analytics.com http://stats.g.doubleclick.net/r/collect* https://stats.g.doubleclick.net/r/collect* http://*.youtube.com https://*.youtube.com http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js http://cdn.rawgit.com/prashantchaudhary/ddslick/master/jquery.ddslick.min.js https://cdn.rawgit.com/prashantchaudhary/ddslick/master/jquery.ddslick.min.js http://*.cloudfront.net https://*.cloudfront.net http://*.googletagmanager.com https://*.googletagmanager.com http://*.gstatic.com https://*.gstatic.com http://*.hotjar.com https://*.hotjar.com http://*.ytimg.com https://*.ytimg.com http://*.gravatar.com https://*.gravatar.com blob: http://*.razorpay.com https://*.razorpay.com; script-src 'self' 'unsafe-inline' http://*.facebook.com https://*.facebook.com http://*.fbcdn.net https://*.fbcdn.net http://connect.facebook.net https://connect.facebook.net http://*.googleusercontent.com https://*.googleusercontent.com http://*.cdninstagram.com https://*.cdninstagram.com http://assets.reactioncommerce.com 
https://assets.reactioncommerce.com http://cdnjs.cloudflare.com https://cdnjs.cloudflare.com http://fonts.googleapis.com https://fonts.googleapis.com http://fonts.gstatic.com https://fonts.gstatic.com http://enginex.kadira.io https://enginex.kadira.io http://*.asort.com https://*.asort.com http://*.amazonaws.com https://*.amazonaws.com http://*.rtschannel.com https://*.rtschannel.com http://*.freshchat.com https://*.freshchat.com http://*.google.com https://*.google.com http://*.google.co.in https://*.google.co.in http://*.google-analytics.com https://*.google-analytics.com http://stats.g.doubleclick.net/r/collect* https://stats.g.doubleclick.net/r/collect* http://*.youtube.com https://*.youtube.com http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js http://cdn.rawgit.com/prashantchaudhary/ddslick/master/jquery.ddslick.min.js https://cdn.rawgit.com/prashantchaudhary/ddslick/master/jquery.ddslick.min.js http://*.cloudfront.net https://*.cloudfront.net http://*.googletagmanager.com https://*.googletagmanager.com http://*.gstatic.com https://*.gstatic.com http://*.hotjar.com https://*.hotjar.com http://*.ytimg.com https://*.ytimg.com http://*.gravatar.com https://*.gravatar.com blob: http://*.razorpay.com https://*.razorpay.com 'unsafe-eval'; connect-src * 'self' ws://asort.com wss://asort.com http://*.facebook.com https://*.facebook.com http://*.fbcdn.net https://*.fbcdn.net http://connect.facebook.net https://connect.facebook.net http://*.googleusercontent.com https://*.googleusercontent.com http://*.cdninstagram.com https://*.cdninstagram.com http://assets.reactioncommerce.com https://assets.reactioncommerce.com http://cdnjs.cloudflare.com https://cdnjs.cloudflare.com http://fonts.googleapis.com https://fonts.googleapis.com http://fonts.gstatic.com https://fonts.gstatic.com http://enginex.kadira.io https://enginex.kadira.io http://*.asort.com https://*.asort.com http://*.amazonaws.com 
https://*.amazonaws.com http://*.rtschannel.com https://*.rtschannel.com http://*.freshchat.com https://*.freshchat.com http://*.google.com https://*.google.com http://*.google.co.in https://*.google.co.in http://*.google-analytics.com https://*.google-analytics.com http://stats.g.doubleclick.net/r/collect* https://stats.g.doubleclick.net/r/collect* http://*.youtube.com https://*.youtube.com http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js http://cdn.rawgit.com/prashantchaudhary/ddslick/master/jquery.ddslick.min.js https://cdn.rawgit.com/prashantchaudhary/ddslick/master/jquery.ddslick.min.js http://*.cloudfront.net https://*.cloudfront.net http://*.googletagmanager.com https://*.googletagmanager.com http://*.gstatic.com https://*.gstatic.com http://*.hotjar.com https://*.hotjar.com http://*.ytimg.com https://*.ytimg.com http://*.gravatar.com https://*.gravatar.com blob: http://*.razorpay.com https://*.razorpay.com; img-src data: 'self' http://*.facebook.com https://*.facebook.com http://*.fbcdn.net https://*.fbcdn.net http://connect.facebook.net https://connect.facebook.net http://*.googleusercontent.com https://*.googleusercontent.com http://*.cdninstagram.com https://*.cdninstagram.com http://assets.reactioncommerce.com https://assets.reactioncommerce.com http://cdnjs.cloudflare.com https://cdnjs.cloudflare.com http://fonts.googleapis.com https://fonts.googleapis.com http://fonts.gstatic.com https://fonts.gstatic.com http://enginex.kadira.io https://enginex.kadira.io http://*.asort.com https://*.asort.com http://*.amazonaws.com https://*.amazonaws.com http://*.rtschannel.com https://*.rtschannel.com http://*.freshchat.com https://*.freshchat.com http://*.google.com https://*.google.com http://*.google.co.in https://*.google.co.in http://*.google-analytics.com https://*.google-analytics.com http://stats.g.doubleclick.net/r/collect* https://stats.g.doubleclick.net/r/collect* 
http://*.youtube.com https://*.youtube.com http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js http://cdn.rawgit.com/prashantchaudhary/ddslick/master/jquery.ddslick.min.js https://cdn.rawgit.com/prashantchaudhary/ddslick/master/jquery.ddslick.min.js http://*.cloudfront.net https://*.cloudfront.net http://*.googletagmanager.com https://*.googletagmanager.com http://*.gstatic.com https://*.gstatic.com http://*.hotjar.com https://*.hotjar.com http://*.ytimg.com https://*.ytimg.com http://*.gravatar.com https://*.gravatar.com blob: http://*.razorpay.com https://*.razorpay.com; style-src 'self' 'unsafe-inline' http://*.facebook.com https://*.facebook.com http://*.fbcdn.net https://*.fbcdn.net http://connect.facebook.net https://connect.facebook.net http://*.googleusercontent.com https://*.googleusercontent.com http://*.cdninstagram.com https://*.cdninstagram.com http://assets.reactioncommerce.com https://assets.reactioncommerce.com http://cdnjs.cloudflare.com https://cdnjs.cloudflare.com http://fonts.googleapis.com https://fonts.googleapis.com http://fonts.gstatic.com https://fonts.gstatic.com http://enginex.kadira.io https://enginex.kadira.io http://*.asort.com https://*.asort.com http://*.amazonaws.com https://*.amazonaws.com http://*.rtschannel.com https://*.rtschannel.com http://*.freshchat.com https://*.freshchat.com http://*.google.com https://*.google.com http://*.google.co.in https://*.google.co.in http://*.google-analytics.com https://*.google-analytics.com http://stats.g.doubleclick.net/r/collect* https://stats.g.doubleclick.net/r/collect* http://*.youtube.com https://*.youtube.com http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js http://cdn.rawgit.com/prashantchaudhary/ddslick/master/jquery.ddslick.min.js https://cdn.rawgit.com/prashantchaudhary/ddslick/master/jquery.ddslick.min.js http://*.cloudfront.net 
https://*.cloudfront.net http://*.googletagmanager.com https://*.googletagmanager.com http://*.gstatic.com https://*.gstatic.com http://*.hotjar.com https://*.hotjar.com http://*.ytimg.com https://*.ytimg.com http://*.gravatar.com https://*.gravatar.com blob: http://*.razorpay.com https://*.razorpay.com; font-src 'self' http://*.facebook.com https://*.facebook.com http://*.fbcdn.net https://*.fbcdn.net http://connect.facebook.net https://connect.facebook.net http://*.googleusercontent.com https://*.googleusercontent.com http://*.cdninstagram.com https://*.cdninstagram.com data: http://assets.reactioncommerce.com https://assets.reactioncommerce.com http://cdnjs.cloudflare.com https://cdnjs.cloudflare.com http://fonts.googleapis.com https://fonts.googleapis.com http://fonts.gstatic.com https://fonts.gstatic.com http://enginex.kadira.io https://enginex.kadira.io http://*.asort.com https://*.asort.com http://*.amazonaws.com https://*.amazonaws.com http://*.rtschannel.com https://*.rtschannel.com http://*.freshchat.com https://*.freshchat.com http://*.google.com https://*.google.com http://*.google.co.in https://*.google.co.in http://*.google-analytics.com https://*.google-analytics.com http://stats.g.doubleclick.net/r/collect* https://stats.g.doubleclick.net/r/collect* http://*.youtube.com https://*.youtube.com http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js http://cdn.rawgit.com/prashantchaudhary/ddslick/master/jquery.ddslick.min.js https://cdn.rawgit.com/prashantchaudhary/ddslick/master/jquery.ddslick.min.js http://*.cloudfront.net https://*.cloudfront.net http://*.googletagmanager.com https://*.googletagmanager.com http://*.gstatic.com https://*.gstatic.com http://*.hotjar.com https://*.hotjar.com http://*.ytimg.com https://*.ytimg.com http://*.gravatar.com https://*.gravatar.com blob: http://*.razorpay.com https://*.razorpay.com;
x-powered-by: Express
vary: Accept-Encoding
x-whom: rc-nginx
x-cache: Miss from cloudfront
via: 1.1 c6702f5f3b6e77da6f394e67ef1a6aab.cloudfront.net (CloudFront)
x-amz-cf-id: AxvhfreM3y8ex1iHfvxuYCPM5RZq4GYfW3mm0OjF5vbI6GSThkYW3g==
Answer 0 (score: 0)
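The Content-Security-Policy should not be the problem. I don't see any Cache-Control / Expire header in the response headers that could cause a MISS, which means you need to look at the CloudFront configuration.
1. Have you set caching "Based on Selected Headers" to ALL?
2. Have you whitelisted anything whose value changes on every request?
3. All TTLs at 0 should give you RefreshHit, but check the Cache Behavior configuration in case cookies / query strings etc. are changing and you have "Forward all" selected.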
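
The three checks in the answer can be run against an exported cache behavior. This is an added example, not code from the original post. It assumes the legacy `ForwardedValues` layout of a CloudFront distribution config (distributions that use a cache policy keep these settings elsewhere), and both the sample JSON and the list of volatile headers are constructed for illustration.

```python
import json

# Constructed sample: a reduced DefaultCacheBehavior as it appears in the JSON
# from `aws cloudfront get-distribution-config` (legacy ForwardedValues fields).
SAMPLE_CONFIG = json.loads("""
{
  "DefaultCacheBehavior": {
    "MinTTL": 0, "DefaultTTL": 0, "MaxTTL": 0,
    "ForwardedValues": {
      "QueryString": true,
      "Cookies": {"Forward": "all"},
      "Headers": {"Quantity": 1, "Items": ["*"]}
    }
  }
}
""")

# Assumed list of headers whose value differs on nearly every request.
VOLATILE_HEADERS = {"user-agent", "cookie", "referer", "authorization"}


def audit_cache_behavior(behavior):
    """Return findings for the settings the answer asks about."""
    findings = []
    fwd = behavior.get("ForwardedValues", {})
    headers = [h.lower() for h in fwd.get("Headers", {}).get("Items", [])]

    # Check 1: forwarding ALL headers makes CloudFront send every request to the origin.
    if "*" in headers:
        findings.append("headers: ALL forwarded, objects are not cached")
    else:
        # Check 2: a whitelisted header that changes per request splits the cache key.
        for name in sorted(VOLATILE_HEADERS.intersection(headers)):
            findings.append(f"headers: whitelisted '{name}' varies per request")

    # Check 3: cookies, query strings and TTLs in the cache behavior.
    if fwd.get("Cookies", {}).get("Forward") == "all":
        findings.append("cookies: all forwarded, every cookie set is its own cache key")
    if fwd.get("QueryString") and not fwd.get("QueryStringCacheKeys", {}).get("Items"):
        findings.append("query strings: all forwarded, every variation is its own cache key")
    if behavior.get("MaxTTL", 1) == 0 and behavior.get("DefaultTTL", 1) == 0:
        findings.append("ttl: all zero, RefreshHit is the best possible result")
    return findings


if __name__ == "__main__":
    for finding in audit_cache_behavior(SAMPLE_CONFIG["DefaultCacheBehavior"]):
        print(finding)
```
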