内容安全政策停止运行任何与Google相关的API脚本

时间:2019-07-02 09:14:07

标签: google-analytics recaptcha content-security-policy

我知道这个问题已经发布了多次,并且我尝试将其实施到我的代码中,但是错误仍然存​​在。

我在.htaccess中添加了CSP代码,然后在另一个文件中添加了所有与Google相关的API 

Header set Content-Security-Policy "default-src 'self';img-src www.google-analytics.com  www.gstatic.com 'self'; script-src 'self' https://www.googletagmanager.com http://www.google.com https://fonts.gstatic.com 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline' fonts.googleapis.com"

这就是我在.htaccess内容安全策略中声明的内容, 然后我有代码


<script src="https://www.google.com/recaptcha/api.js?render={{ config('settings.site_key')  }}"></script>
<script>
      grecaptcha.ready(function() {
        grecaptcha.execute('{{ config('settings.site_key')  }}', {action: 'homepage'}).then(function(token) {
        console.log(token);
      });
    });
</script>

<!-- Global site tag (gtag.js) - Google Analytics -->
<script async src="https://www.googletagmanager.com/gtag/js?id=UA-40176522-1"></script>
<script>
  window.dataLayer = window.dataLayer || [];
  function gtag(){dataLayer.push(arguments);}
  gtag('js', new Date());

  gtag('config', 'UA-40176522-1');
</script>
<!-- Google Code for Remarketing Tag -->
<script type="text/javascript">
  /* <![CDATA[ */
  var google_conversion_id = 975973304;
  var google_custom_params = window.google_tag_params;
  var google_remarketing_only = true;
  /* ]]> */
</script>

这会给我enter image description here

0 个答案:

没有答案
相关问题
最新问题