拒绝加载样式表,因为它违反了以下“内容安全策略”指令(即刻)

时间:2019-08-07 18:30:39

标签: javascript html content-security-policy

今天,我正在尝试为我的网站制作至少一些CSP,并且我知道使用nonce和meta标签并不是最好的方法,但是我正在使用GitHub页面,并且它不支持安全性标头。

因此,我创建了一个脚本,该脚本自动生成4096个随机字符长度并将其编码为base64,然后将其作为nonce-randomizedThing附加到html。

以下是脚本:

function cmFuZG9t(length) {
    let cmVzdWx0 = ''
    let Y2hhcnNldA = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'
    let bGVuZ3Ro = Y2hhcnNldA.length;
    for (let i = 0; i < length; i++) {
        cmVzdWx0 += Y2hhcnNldA.charAt(Math.floor(Math.random() * bGVuZ3Ro))
    }
    return cmVzdWx0;
}

function bWFrZW5vbmNl() {
    let bmV3Tm5vbmNl = btoa(cmFuZG9t(4096))
    let bWFrZW5ld25vbmNl = `<!-- SECURITY (AT LEAST I TRIED OK) -->
    <meta http-equiv="Content-Security-Policy" content="default-src 'none'; object-src 'none'; script-src 'nonce-${bmV3Tm5vbmNl}'; style-src 'nonce-${bmV3Tm5vbmNl}'">`
    $('head').append(bWFrZW5ld25vbmNl)
    $('script').attr('nonce', bmV3Tm5vbmNl)
    $('link').attr('nonce', bmV3Tm5vbmNl) // <- the problematic one

    bWFrZW5ld25vbmNl = null
    bmV3Tm5vbmNl = null
}

$(window).on("load", bWFrZW5vbmNl)

是的,它使用JQuery。

因此,问题在于网站加载时开始出现怪异的错误,而怪异的部分仅发生在<link>标签上:

Refused to load the stylesheet 'https://domain/bootstrap/css/bootstrap.min.css' because it violates the following Content Security Policy directive: "style-src 'nonce-dkhieExybzJPSFBNaW96WHRZVjRXMlFlakxveTIzMUFUSFA1M0xEWXdQZnBya0lFZWp0MktuOXdKRGtoRm4yM2xsRm5RQmd1b3EyZUZVR2RzZ1l6c1AycEVSSXVRbFBZU3dVMG1tT1ROYnd4U1NKcnY1dHFpaGlkTWxaazVlQnZ2dXdlUkNXNWdkd210b05ySVo2SkVKU2pxVUNwWEZGYVZrR2hmeHZUb1JWODJ1VU1SVk5xaG9UZ2tQMFlhbjg3ZE83TGt3bmY3UGo2bzdxY0tXbEpvTXgwdGZvUVdZVHlIMXkzbERuTzNOS2RsaGQwdFVGWms4WmdReDU0Z0NOakM3em04Wmh1UjJ6MWFwS3lRaFJwRlhyVDREcWJOZGhqU2JOS3ZIMlRHZUM4UDhTQ0JySXBDSDIwNEVySGRrS3haV1Q4ZkxqZVRmZ3hkRFlkRVFYTmhpT3V2UXFMa3E5bnFWWGhtWDFXRGFtWVFmQU5hRm5pZUo3R0pEOVkyaWVZYTRDNUxmMzFyU2VRQ0FaTVA5N0tuSzQ5eEU5QmNYd0Ezd1BWUTVOSHAxcXpGem82MFo1VHlVeFg5Njl1WDdSZjVZazNYZ29DUDc2QVFPQ05YODYwMndna2lOMjd3b3c5VFJCOTNUZk5aWFB1bEhwdERieFpQcVVtYXJndWE1YXZaaFJzOXE2Ynp2TTBweFJ0SzVDbllUbW8wdDhGUHdyaUNPWXlrZEs5OWlGQkFQNXdaTnVrcGc0VkVDeDJuTmljMXN4cDdIbVB2bTE1VWhrNU5xbVNLZW1OWEZEcDZ5b3VqMjVNSzhJRjJGMkhTY1VmT2Z1eTJjSlhDcFlYbDN3TXRDdUxZU2UyeHFTTjdUckdhZmc0cFhhR285Z2lDTFBtUElwMlF2UVFtZWlUVWE4TUQyYnZYdTU0a1FERlJkc09EUGUwTHc1OEdKN0FBV2xCejdwcnpNYXFXajI2Rk14TWdDQ1RIWGhsWWtOMDU3QmFvUWZ5SFY2WnB4VnRwYUluYjJOelN6QU1lb1pWdllITWlKaDM3QnMxMDFOckZEUUkxS1hkZmxPZ3R2Q0k4Mm5SaEc3b09zeEVnQUhYU1dac2tFaUxPOHM2SnJ1N0dPOGZjdnNpcHdrQkFMZmxXenNUU3gwVGFXSExBS1ZsdW1BTjZmWkxkN0tpU05zdWRRQU5PY2FKMGMxSkEwYnl4NmQ4aTRCaWR5bm9DMTNuNFVYdmsyUGc1R0lKUm0xWHVjTk8xcnEyc2lsRm9GTG56T0ZoSFNDT3lVWWVaUjNDSGoweU5SQWZ3NEVEN0RDRmk4Q2ZOdXVobjg0NDN5bVFpdlBoQjI1bkVKdjNrUWNTakJtRU9WbGxCZ3EwVVY4RjJqVXVEWEFJa2dGZnJPOEhsUzhDc3hxdWw1TWI1WEJMc2xwaDlnVHlyUUJRMWdFU1ZOcWdZTjZER1BWN0diZGp3NVFUWHduYjFHWmVVT0RTU0xvSE8yNVNHazdFaExJdTVsVUZXUXF6YVRtenBjUHZRV2lLOGRCWHRkSFpESnhCUklpNnc2UEQ3akJ4emYzVFFaR0Y4ZXVENGVIaXF6YTVnVXFmazR2QU40YmlhR3FZbUd5VWlKMDduaUlxUno5bEdaaFF6MW5vYjZYaXBYV290YUVVZWgwbTlRVjBMUUdtY2txaXJCZlJldE9mckJaeVl6U043T25ja0s1R2xLTnRUdG5jUzUwR3Vpb2V6WVZRWEdpdWdaMUtoWGlEVGJibmE2eG9EWDZId1A5T0JUSklFWXBtZDJvRXhjRVpRYWhwOURyNTRoZkNLS1NlVkgyZm5VaExHcWdpa3JJc2JPUDNhVXNJUGhudW03cHRtWVhaZUdYYmRZbFFBaEFpbEpDSXRzRUlVWmJOb1BLb0pGNnl4VkJNbWxFRnEzbXg5RmdRTHBKb0txRXc0aTZwaDJDRkhtalJtWGk0OUN0U2plQXpJNVd1NmEyMno0dWxQSXl2c3lIbEVOOVJ3NE9GbWtxOEZ5Y1c3WHA2Z21VeE9PR2Rrd0NHMFd2bWdiS2JWT3RocTJEaXNUclB2cHJTSGF1RkZlY3JYeFBCdmJ0Mkc5UHRUYWNZcVVRczVWSTlUWVZkaUhLVGpXMUJaNjJYOWgzQnBmS3JKR01HOXBYNHdWeHRJcUR0R2Z0QjdndXdZeVhYN2llZUp0YjlpcHgwMmx5RWswQXJJS2ZuNENnVTVXUExXdGt6NWhyUTRScnpPdkZKN1Z1ZUF4RGJJN0lJS2FLTXhETVFXMHk1Sjc0T3NsTkVBeWtqa3RYbEp0VVAwQTJSTmd3Ym5JVkRDTjZOaDRlNEJWWWp4eWRraTM0ZzBnVEZYSERXNkluQkhrUHM5SWdoUXZHZ2RWSFVTRHRldWEzeXlFN21NY0NsenNkMUpJWHZ5MzN0MUtuUHQ0dk1COURWQ1hYSXBreERFUG10d2lhTnpBZUhiT1pza0t1dllMRjNOeDNYSjhFQUQ1dHdIQ1VBZzZTakZKd0VMVUx4ZzVhRkpZeDY2YVlIUjlTNEF0ckdpNDY2MVUwMkFxeU10WHBtUlB4UUNKN2c1ZW9zT0ROMHlHZG4wbDlHcHRHS3JyTTlTaWFEMHFFRkxRdm9HMVNOWlpJNmlXSHBaaDdoakRBRXZMSFV2V0FTTHRrUkJNbHRNZnNDT1d2ZGROYlVDcmJ4QllQRWRFbG5tZXZXU0VVN3pTNkozYXI5YjRNbjlmalhtamdicTRoa0t6eVdGQTJtTVk5cG12MUo0OVFybWJicjUxOUJiSndMdWc5cGE2Njlwend0bExXQVVuTUVVcG4yZ3hlcVc1aTloaGxUODZaUE9pbERxVzNHcklOcWo3akJNSWM0M0hJSnZzT3A5ZnpLZmVQbUxOUEt6ZElmYlRUMlQ5d05ENWpWUnYyN2pQdlBXeGxkbnFyc3FKc2ZzMVNmWmlWRWxEMWpheEx4d2xmTVBLTkFrMDFhMGJlS2VOTDhhRGdka0RScUJNZUJqZ29tZmY3T3c1R0VzYnlOeXg3SGIzMk95M240elFOVVFhQzk5ZGx3VnFDZzdNTUFMOXlOZVVTS3hCSFpvWVZTTFcyM05FZERnVnlTVll5TVF1QmtWQW9oR2JQaUU0RXlhRzRpZGpnZkVRdmViZkdnbmdqRm9sRnhNMUVGYWZ5czNjaXZnS2ltWnlHaHZicHNDVmY0SUY5SkZ4WmtwR1RvTnNldTRDT3RFWGJTVHd0UTFtZE1RcnkxN2YwM0dCc0J0M2hZVFZ4c1lUOTdyTDRCdW9OT2I1RlZSa1lmcGlkUHVUR001ZE1yQTIwU0FqZGR1VmVhRVJ6TTBnZFlaT2xTd2JzVHlQQVRJWHdGc2ZNVUVwTzRuMXpoRWJMTUpPYUVJTlJCZjZ0VUI4cDAzWGRVM0VZSVZBZXRPRHV2TklLR0dLYkE3TDExVXYwcjJNRWRvQXRTdXFEd2FNMG04R0d4UHdoMHM5UUdKSUxMTmFmc2paMFllS1BzcFQ4bHM5Vkw1SGZYZ2NyNEJ4VzhrVGNHT3pTUlNSYnhac1pnR3pUYktRWU9hUzBpM0Y0YmNDQ1Ezc3locTdlN2prQ2tJdERoQnhDaVo0NEN2UjREVFlibEZnZTNyTkVrTnppNUFCZzBiZXpGWkFUczdaTEpNQWw3WWRnYVlmTzV3dkhjaGdRS0dUTzFJcDRCbGVlM0VqQ0Nvd2ozallKaVZJclZXRkxJOGVyUWZKcjhpOXBKU25GeGc0VzZjU2xnemNvRGhOVUduYWtpend4T09WV1RzSFppMjI0TWJycmFzRm41NktsRDFXVjZvVkh4ZlpjYTl2NGRqZ2Q3aDZaZWNhNkxON05sQjg4dFByVEx4Yk5ESzVEUXV1a0lYR2xRYzZ5bkF6eXJBME1vdXdlcmNDd0Y1b0xzWERNelBJR2lTVGp0c0Ria2hqRXRoMkRBQzROQ3dGb1E0bXBhNHRvSzkyYTVhOGRmSG43Q0p6VDRpOEZHbTE4WW04cG5LQlppa1hFbFlkbmltNWN1eWpGNzNvWjFkZ0x2UXBYblJHcWRPRlZEQjlza2tBZkdka2cyTEI5WXNNOXBjTjhKendONHMyc2FLQ0JLcTdCZ2RCN1g3dEZRWklJbUxmcXFhWFF2N1FDWGpmY2Vlb0w0WEJvaUE3WXlPV0ZwYnN1QWZZMjVBUkxWbUVZa1YzNFFBSWowZXdtMzVqYUZKb2oybkEyeHNwSGxMVlRidHM0TFVsdUg1WXBHMmdYelBFdEt5RHk0YUJZZ0ltdlRFVFp3WFRLVTdEbGFwY05XU29rSUk2U3cxeEJvODRreldhRU02eGs1cUpheHNQd002QnJrYmRYelV5MFF0NlFSczB5SFg0V3JyUkhsUVZ4UURiUXJmOWFveDVkcHIwd0JIa0ZDdW1hMW4wd3Z1U2xmU0t3WmJ0TmgyMnhWRlJlQTlocXFXbWhMaG9kQTVBdGRMcmQ5T2hFNXJXbUxGMG9kRFF5RGM3cHF3TFZNdlFuNEQzTGZORkpzNlpJaHNlc0V3RDlVUFcxQWZFN0pSZmVST2w0VDdWOU02aGxXWDhMWXI4bkNGTk90c0VHSkRmVUtORkFaamJlNTFPQWlCSDJEcGRyUzVscHUzWHc0dDhSa2RqZDVpRTh6Uk9DaDhITkJKdmhJTmxhUTZoNzU2ZDFxUllhS28wMHhlc0RjclV6czR6bnMwMDdJbWlmOUdRVElHM3M4b0wxaWFDOHpCWlhFdDJpT09pQXBrZUNtZkRuZUt1M0t5bExrYzhiMExVWngyTDh6MHdUUHljeVFrcDJBMGVuaGdBaVhGekFuM3l2dGpXek5DTWVpYnlob0dSQzFBQjdxQk9wZHJqUVBCbklXRGFOZ2kycHhIYnBwREtIMHpac2YwWXR4UWJJTDFwWnZlem1EdkZIbWVqYXgzNGtJWjd1dEpMMUFVaUtLZGdUb0FCQjdLWkxTT3hPVlpZbE52djY4eEd1Tng5d2xVQ3RIUUlZdEhoWGRVcFBMc2RvZ2VqWk9yOWJsbWdTSjh2b0ZXMGRUSHFXamVROTdiUUpEUGV1VkJGa09Tc29QR3ZXcU13d3liVktrV2U2MTdpblpUbndvYkpyb01KMHFpVWdZYUJCTWFEV0w2Q1RrNWp2b01ma05pN3RjU3puR1pMQ2RNdU1waVB6Z2Y4aGt1c1RTWXRYUktsUE5RMnlDVml2WmI5SHdBeElXTWtGWnpyNWplMGp5UU5CYW5tTjBSRnhuVDdGb1R6dmhNcEhPMVg2ODFqTjBnMVE2TWxsdUVGNWxKSktkMnhlWk9PSlBVT0NRYXNmNE1PNE1ENkxkenZMTGJVdkpKcTVjRW1zcWFlZGY4b3VDSnI0MWdZUUxlQVQ4Y0Z5MjBPSGVIWUNJYjhia1VKWGtwVG5BSGFxUDNrbGtraVBPMmtQZA=='". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback.

domain/:1 Refused to load the stylesheet 'https://fonts.googleapis.com/css?family=Fira+Mono&display=swap' because it violates the following Content Security Policy directive: "style-src 'nonce-dkhieExybzJPSFBNaW96WHRZVjRXMlFlakxveTIzMUFUSFA1M0xEWXdQZnBya0lFZWp0MktuOXdKRGtoRm4yM2xsRm5RQmd1b3EyZUZVR2RzZ1l6c1AycEVSSXVRbFBZU3dVMG1tT1ROYnd4U1NKcnY1dHFpaGlkTWxaazVlQnZ2dXdlUkNXNWdkd210b05ySVo2SkVKU2pxVUNwWEZGYVZrR2hmeHZUb1JWODJ1VU1SVk5xaG9UZ2tQMFlhbjg3ZE83TGt3bmY3UGo2bzdxY0tXbEpvTXgwdGZvUVdZVHlIMXkzbERuTzNOS2RsaGQwdFVGWms4WmdReDU0Z0NOakM3em04Wmh1UjJ6MWFwS3lRaFJwRlhyVDREcWJOZGhqU2JOS3ZIMlRHZUM4UDhTQ0JySXBDSDIwNEVySGRrS3haV1Q4ZkxqZVRmZ3hkRFlkRVFYTmhpT3V2UXFMa3E5bnFWWGhtWDFXRGFtWVFmQU5hRm5pZUo3R0pEOVkyaWVZYTRDNUxmMzFyU2VRQ0FaTVA5N0tuSzQ5eEU5QmNYd0Ezd1BWUTVOSHAxcXpGem82MFo1VHlVeFg5Njl1WDdSZjVZazNYZ29DUDc2QVFPQ05YODYwMndna2lOMjd3b3c5VFJCOTNUZk5aWFB1bEhwdERieFpQcVVtYXJndWE1YXZaaFJzOXE2Ynp2TTBweFJ0SzVDbllUbW8wdDhGUHdyaUNPWXlrZEs5OWlGQkFQNXdaTnVrcGc0VkVDeDJuTmljMXN4cDdIbVB2bTE1VWhrNU5xbVNLZW1OWEZEcDZ5b3VqMjVNSzhJRjJGMkhTY1VmT2Z1eTJjSlhDcFlYbDN3TXRDdUxZU2UyeHFTTjdUckdhZmc0cFhhR285Z2lDTFBtUElwMlF2UVFtZWlUVWE4TUQyYnZYdTU0a1FERlJkc09EUGUwTHc1OEdKN0FBV2xCejdwcnpNYXFXajI2Rk14TWdDQ1RIWGhsWWtOMDU3QmFvUWZ5SFY2WnB4VnRwYUluYjJOelN6QU1lb1pWdllITWlKaDM3QnMxMDFOckZEUUkxS1hkZmxPZ3R2Q0k4Mm5SaEc3b09zeEVnQUhYU1dac2tFaUxPOHM2SnJ1N0dPOGZjdnNpcHdrQkFMZmxXenNUU3gwVGFXSExBS1ZsdW1BTjZmWkxkN0tpU05zdWRRQU5PY2FKMGMxSkEwYnl4NmQ4aTRCaWR5bm9DMTNuNFVYdmsyUGc1R0lKUm0xWHVjTk8xcnEyc2lsRm9GTG56T0ZoSFNDT3lVWWVaUjNDSGoweU5SQWZ3NEVEN0RDRmk4Q2ZOdXVobjg0NDN5bVFpdlBoQjI1bkVKdjNrUWNTakJtRU9WbGxCZ3EwVVY4RjJqVXVEWEFJa2dGZnJPOEhsUzhDc3hxdWw1TWI1WEJMc2xwaDlnVHlyUUJRMWdFU1ZOcWdZTjZER1BWN0diZGp3NVFUWHduYjFHWmVVT0RTU0xvSE8yNVNHazdFaExJdTVsVUZXUXF6YVRtenBjUHZRV2lLOGRCWHRkSFpESnhCUklpNnc2UEQ3akJ4emYzVFFaR0Y4ZXVENGVIaXF6YTVnVXFmazR2QU40YmlhR3FZbUd5VWlKMDduaUlxUno5bEdaaFF6MW5vYjZYaXBYV290YUVVZWgwbTlRVjBMUUdtY2txaXJCZlJldE9mckJaeVl6U043T25ja0s1R2xLTnRUdG5jUzUwR3Vpb2V6WVZRWEdpdWdaMUtoWGlEVGJibmE2eG9EWDZId1A5T0JUSklFWXBtZDJvRXhjRVpRYWhwOURyNTRoZkNLS1NlVkgyZm5VaExHcWdpa3JJc2JPUDNhVXNJUGhudW03cHRtWVhaZUdYYmRZbFFBaEFpbEpDSXRzRUlVWmJOb1BLb0pGNnl4VkJNbWxFRnEzbXg5RmdRTHBKb0txRXc0aTZwaDJDRkhtalJtWGk0OUN0U2plQXpJNVd1NmEyMno0dWxQSXl2c3lIbEVOOVJ3NE9GbWtxOEZ5Y1c3WHA2Z21VeE9PR2Rrd0NHMFd2bWdiS2JWT3RocTJEaXNUclB2cHJTSGF1RkZlY3JYeFBCdmJ0Mkc5UHRUYWNZcVVRczVWSTlUWVZkaUhLVGpXMUJaNjJYOWgzQnBmS3JKR01HOXBYNHdWeHRJcUR0R2Z0QjdndXdZeVhYN2llZUp0YjlpcHgwMmx5RWswQXJJS2ZuNENnVTVXUExXdGt6NWhyUTRScnpPdkZKN1Z1ZUF4RGJJN0lJS2FLTXhETVFXMHk1Sjc0T3NsTkVBeWtqa3RYbEp0VVAwQTJSTmd3Ym5JVkRDTjZOaDRlNEJWWWp4eWRraTM0ZzBnVEZYSERXNkluQkhrUHM5SWdoUXZHZ2RWSFVTRHRldWEzeXlFN21NY0NsenNkMUpJWHZ5MzN0MUtuUHQ0dk1COURWQ1hYSXBreERFUG10d2lhTnpBZUhiT1pza0t1dllMRjNOeDNYSjhFQUQ1dHdIQ1VBZzZTakZKd0VMVUx4ZzVhRkpZeDY2YVlIUjlTNEF0ckdpNDY2MVUwMkFxeU10WHBtUlB4UUNKN2c1ZW9zT0ROMHlHZG4wbDlHcHRHS3JyTTlTaWFEMHFFRkxRdm9HMVNOWlpJNmlXSHBaaDdoakRBRXZMSFV2V0FTTHRrUkJNbHRNZnNDT1d2ZGROYlVDcmJ4QllQRWRFbG5tZXZXU0VVN3pTNkozYXI5YjRNbjlmalhtamdicTRoa0t6eVdGQTJtTVk5cG12MUo0OVFybWJicjUxOUJiSndMdWc5cGE2Njlwend0bExXQVVuTUVVcG4yZ3hlcVc1aTloaGxUODZaUE9pbERxVzNHcklOcWo3akJNSWM0M0hJSnZzT3A5ZnpLZmVQbUxOUEt6ZElmYlRUMlQ5d05ENWpWUnYyN2pQdlBXeGxkbnFyc3FKc2ZzMVNmWmlWRWxEMWpheEx4d2xmTVBLTkFrMDFhMGJlS2VOTDhhRGdka0RScUJNZUJqZ29tZmY3T3c1R0VzYnlOeXg3SGIzMk95M240elFOVVFhQzk5ZGx3VnFDZzdNTUFMOXlOZVVTS3hCSFpvWVZTTFcyM05FZERnVnlTVll5TVF1QmtWQW9oR2JQaUU0RXlhRzRpZGpnZkVRdmViZkdnbmdqRm9sRnhNMUVGYWZ5czNjaXZnS2ltWnlHaHZicHNDVmY0SUY5SkZ4WmtwR1RvTnNldTRDT3RFWGJTVHd0UTFtZE1RcnkxN2YwM0dCc0J0M2hZVFZ4c1lUOTdyTDRCdW9OT2I1RlZSa1lmcGlkUHVUR001ZE1yQTIwU0FqZGR1VmVhRVJ6TTBnZFlaT2xTd2JzVHlQQVRJWHdGc2ZNVUVwTzRuMXpoRWJMTUpPYUVJTlJCZjZ0VUI4cDAzWGRVM0VZSVZBZXRPRHV2TklLR0dLYkE3TDExVXYwcjJNRWRvQXRTdXFEd2FNMG04R0d4UHdoMHM5UUdKSUxMTmFmc2paMFllS1BzcFQ4bHM5Vkw1SGZYZ2NyNEJ4VzhrVGNHT3pTUlNSYnhac1pnR3pUYktRWU9hUzBpM0Y0YmNDQ1Ezc3locTdlN2prQ2tJdERoQnhDaVo0NEN2UjREVFlibEZnZTNyTkVrTnppNUFCZzBiZXpGWkFUczdaTEpNQWw3WWRnYVlmTzV3dkhjaGdRS0dUTzFJcDRCbGVlM0VqQ0Nvd2ozallKaVZJclZXRkxJOGVyUWZKcjhpOXBKU25GeGc0VzZjU2xnemNvRGhOVUduYWtpend4T09WV1RzSFppMjI0TWJycmFzRm41NktsRDFXVjZvVkh4ZlpjYTl2NGRqZ2Q3aDZaZWNhNkxON05sQjg4dFByVEx4Yk5ESzVEUXV1a0lYR2xRYzZ5bkF6eXJBME1vdXdlcmNDd0Y1b0xzWERNelBJR2lTVGp0c0Ria2hqRXRoMkRBQzROQ3dGb1E0bXBhNHRvSzkyYTVhOGRmSG43Q0p6VDRpOEZHbTE4WW04cG5LQlppa1hFbFlkbmltNWN1eWpGNzNvWjFkZ0x2UXBYblJHcWRPRlZEQjlza2tBZkdka2cyTEI5WXNNOXBjTjhKendONHMyc2FLQ0JLcTdCZ2RCN1g3dEZRWklJbUxmcXFhWFF2N1FDWGpmY2Vlb0w0WEJvaUE3WXlPV0ZwYnN1QWZZMjVBUkxWbUVZa1YzNFFBSWowZXdtMzVqYUZKb2oybkEyeHNwSGxMVlRidHM0TFVsdUg1WXBHMmdYelBFdEt5RHk0YUJZZ0ltdlRFVFp3WFRLVTdEbGFwY05XU29rSUk2U3cxeEJvODRreldhRU02eGs1cUpheHNQd002QnJrYmRYelV5MFF0NlFSczB5SFg0V3JyUkhsUVZ4UURiUXJmOWFveDVkcHIwd0JIa0ZDdW1hMW4wd3Z1U2xmU0t3WmJ0TmgyMnhWRlJlQTlocXFXbWhMaG9kQTVBdGRMcmQ5T2hFNXJXbUxGMG9kRFF5RGM3cHF3TFZNdlFuNEQzTGZORkpzNlpJaHNlc0V3RDlVUFcxQWZFN0pSZmVST2w0VDdWOU02aGxXWDhMWXI4bkNGTk90c0VHSkRmVUtORkFaamJlNTFPQWlCSDJEcGRyUzVscHUzWHc0dDhSa2RqZDVpRTh6Uk9DaDhITkJKdmhJTmxhUTZoNzU2ZDFxUllhS28wMHhlc0RjclV6czR6bnMwMDdJbWlmOUdRVElHM3M4b0wxaWFDOHpCWlhFdDJpT09pQXBrZUNtZkRuZUt1M0t5bExrYzhiMExVWngyTDh6MHdUUHljeVFrcDJBMGVuaGdBaVhGekFuM3l2dGpXek5DTWVpYnlob0dSQzFBQjdxQk9wZHJqUVBCbklXRGFOZ2kycHhIYnBwREtIMHpac2YwWXR4UWJJTDFwWnZlem1EdkZIbWVqYXgzNGtJWjd1dEpMMUFVaUtLZGdUb0FCQjdLWkxTT3hPVlpZbE52djY4eEd1Tng5d2xVQ3RIUUlZdEhoWGRVcFBMc2RvZ2VqWk9yOWJsbWdTSjh2b0ZXMGRUSHFXamVROTdiUUpEUGV1VkJGa09Tc29QR3ZXcU13d3liVktrV2U2MTdpblpUbndvYkpyb01KMHFpVWdZYUJCTWFEV0w2Q1RrNWp2b01ma05pN3RjU3puR1pMQ2RNdU1waVB6Z2Y4aGt1c1RTWXRYUktsUE5RMnlDVml2WmI5SHdBeElXTWtGWnpyNWplMGp5UU5CYW5tTjBSRnhuVDdGb1R6dmhNcEhPMVg2ODFqTjBnMVE2TWxsdUVGNWxKSktkMnhlWk9PSlBVT0NRYXNmNE1PNE1ENkxkenZMTGJVdkpKcTVjRW1zcWFlZGY4b3VDSnI0MWdZUUxlQVQ4Y0Z5MjBPSGVIWUNJYjhia1VKWGtwVG5BSGFxUDNrbGtraVBPMmtQZA=='". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback.

domain/:1 Refused to load the stylesheet 'https://domain/css/main.min.css' because it violates the following Content Security Policy directive: "style-src 'nonce-dkhieExybzJPSFBNaW96WHRZVjRXMlFlakxveTIzMUFUSFA1M0xEWXdQZnBya0lFZWp0MktuOXdKRGtoRm4yM2xsRm5RQmd1b3EyZUZVR2RzZ1l6c1AycEVSSXVRbFBZU3dVMG1tT1ROYnd4U1NKcnY1dHFpaGlkTWxaazVlQnZ2dXdlUkNXNWdkd210b05ySVo2SkVKU2pxVUNwWEZGYVZrR2hmeHZUb1JWODJ1VU1SVk5xaG9UZ2tQMFlhbjg3ZE83TGt3bmY3UGo2bzdxY0tXbEpvTXgwdGZvUVdZVHlIMXkzbERuTzNOS2RsaGQwdFVGWms4WmdReDU0Z0NOakM3em04Wmh1UjJ6MWFwS3lRaFJwRlhyVDREcWJOZGhqU2JOS3ZIMlRHZUM4UDhTQ0JySXBDSDIwNEVySGRrS3haV1Q4ZkxqZVRmZ3hkRFlkRVFYTmhpT3V2UXFMa3E5bnFWWGhtWDFXRGFtWVFmQU5hRm5pZUo3R0pEOVkyaWVZYTRDNUxmMzFyU2VRQ0FaTVA5N0tuSzQ5eEU5QmNYd0Ezd1BWUTVOSHAxcXpGem82MFo1VHlVeFg5Njl1WDdSZjVZazNYZ29DUDc2QVFPQ05YODYwMndna2lOMjd3b3c5VFJCOTNUZk5aWFB1bEhwdERieFpQcVVtYXJndWE1YXZaaFJzOXE2Ynp2TTBweFJ0SzVDbllUbW8wdDhGUHdyaUNPWXlrZEs5OWlGQkFQNXdaTnVrcGc0VkVDeDJuTmljMXN4cDdIbVB2bTE1VWhrNU5xbVNLZW1OWEZEcDZ5b3VqMjVNSzhJRjJGMkhTY1VmT2Z1eTJjSlhDcFlYbDN3TXRDdUxZU2UyeHFTTjdUckdhZmc0cFhhR285Z2lDTFBtUElwMlF2UVFtZWlUVWE4TUQyYnZYdTU0a1FERlJkc09EUGUwTHc1OEdKN0FBV2xCejdwcnpNYXFXajI2Rk14TWdDQ1RIWGhsWWtOMDU3QmFvUWZ5SFY2WnB4VnRwYUluYjJOelN6QU1lb1pWdllITWlKaDM3QnMxMDFOckZEUUkxS1hkZmxPZ3R2Q0k4Mm5SaEc3b09zeEVnQUhYU1dac2tFaUxPOHM2SnJ1N0dPOGZjdnNpcHdrQkFMZmxXenNUU3gwVGFXSExBS1ZsdW1BTjZmWkxkN0tpU05zdWRRQU5PY2FKMGMxSkEwYnl4NmQ4aTRCaWR5bm9DMTNuNFVYdmsyUGc1R0lKUm0xWHVjTk8xcnEyc2lsRm9GTG56T0ZoSFNDT3lVWWVaUjNDSGoweU5SQWZ3NEVEN0RDRmk4Q2ZOdXVobjg0NDN5bVFpdlBoQjI1bkVKdjNrUWNTakJtRU9WbGxCZ3EwVVY4RjJqVXVEWEFJa2dGZnJPOEhsUzhDc3hxdWw1TWI1WEJMc2xwaDlnVHlyUUJRMWdFU1ZOcWdZTjZER1BWN0diZGp3NVFUWHduYjFHWmVVT0RTU0xvSE8yNVNHazdFaExJdTVsVUZXUXF6YVRtenBjUHZRV2lLOGRCWHRkSFpESnhCUklpNnc2UEQ3akJ4emYzVFFaR0Y4ZXVENGVIaXF6YTVnVXFmazR2QU40YmlhR3FZbUd5VWlKMDduaUlxUno5bEdaaFF6MW5vYjZYaXBYV290YUVVZWgwbTlRVjBMUUdtY2txaXJCZlJldE9mckJaeVl6U043T25ja0s1R2xLTnRUdG5jUzUwR3Vpb2V6WVZRWEdpdWdaMUtoWGlEVGJibmE2eG9EWDZId1A5T0JUSklFWXBtZDJvRXhjRVpRYWhwOURyNTRoZkNLS1NlVkgyZm5VaExHcWdpa3JJc2JPUDNhVXNJUGhudW03cHRtWVhaZUdYYmRZbFFBaEFpbEpDSXRzRUlVWmJOb1BLb0pGNnl4VkJNbWxFRnEzbXg5RmdRTHBKb0txRXc0aTZwaDJDRkhtalJtWGk0OUN0U2plQXpJNVd1NmEyMno0dWxQSXl2c3lIbEVOOVJ3NE9GbWtxOEZ5Y1c3WHA2Z21VeE9PR2Rrd0NHMFd2bWdiS2JWT3RocTJEaXNUclB2cHJTSGF1RkZlY3JYeFBCdmJ0Mkc5UHRUYWNZcVVRczVWSTlUWVZkaUhLVGpXMUJaNjJYOWgzQnBmS3JKR01HOXBYNHdWeHRJcUR0R2Z0QjdndXdZeVhYN2llZUp0YjlpcHgwMmx5RWswQXJJS2ZuNENnVTVXUExXdGt6NWhyUTRScnpPdkZKN1Z1ZUF4RGJJN0lJS2FLTXhETVFXMHk1Sjc0T3NsTkVBeWtqa3RYbEp0VVAwQTJSTmd3Ym5JVkRDTjZOaDRlNEJWWWp4eWRraTM0ZzBnVEZYSERXNkluQkhrUHM5SWdoUXZHZ2RWSFVTRHRldWEzeXlFN21NY0NsenNkMUpJWHZ5MzN0MUtuUHQ0dk1COURWQ1hYSXBreERFUG10d2lhTnpBZUhiT1pza0t1dllMRjNOeDNYSjhFQUQ1dHdIQ1VBZzZTakZKd0VMVUx4ZzVhRkpZeDY2YVlIUjlTNEF0ckdpNDY2MVUwMkFxeU10WHBtUlB4UUNKN2c1ZW9zT0ROMHlHZG4wbDlHcHRHS3JyTTlTaWFEMHFFRkxRdm9HMVNOWlpJNmlXSHBaaDdoakRBRXZMSFV2V0FTTHRrUkJNbHRNZnNDT1d2ZGROYlVDcmJ4QllQRWRFbG5tZXZXU0VVN3pTNkozYXI5YjRNbjlmalhtamdicTRoa0t6eVdGQTJtTVk5cG12MUo0OVFybWJicjUxOUJiSndMdWc5cGE2Njlwend0bExXQVVuTUVVcG4yZ3hlcVc1aTloaGxUODZaUE9pbERxVzNHcklOcWo3akJNSWM0M0hJSnZzT3A5ZnpLZmVQbUxOUEt6ZElmYlRUMlQ5d05ENWpWUnYyN2pQdlBXeGxkbnFyc3FKc2ZzMVNmWmlWRWxEMWpheEx4d2xmTVBLTkFrMDFhMGJlS2VOTDhhRGdka0RScUJNZUJqZ29tZmY3T3c1R0VzYnlOeXg3SGIzMk95M240elFOVVFhQzk5ZGx3VnFDZzdNTUFMOXlOZVVTS3hCSFpvWVZTTFcyM05FZERnVnlTVll5TVF1QmtWQW9oR2JQaUU0RXlhRzRpZGpnZkVRdmViZkdnbmdqRm9sRnhNMUVGYWZ5czNjaXZnS2ltWnlHaHZicHNDVmY0SUY5SkZ4WmtwR1RvTnNldTRDT3RFWGJTVHd0UTFtZE1RcnkxN2YwM0dCc0J0M2hZVFZ4c1lUOTdyTDRCdW9OT2I1RlZSa1lmcGlkUHVUR001ZE1yQTIwU0FqZGR1VmVhRVJ6TTBnZFlaT2xTd2JzVHlQQVRJWHdGc2ZNVUVwTzRuMXpoRWJMTUpPYUVJTlJCZjZ0VUI4cDAzWGRVM0VZSVZBZXRPRHV2TklLR0dLYkE3TDExVXYwcjJNRWRvQXRTdXFEd2FNMG04R0d4UHdoMHM5UUdKSUxMTmFmc2paMFllS1BzcFQ4bHM5Vkw1SGZYZ2NyNEJ4VzhrVGNHT3pTUlNSYnhac1pnR3pUYktRWU9hUzBpM0Y0YmNDQ1Ezc3locTdlN2prQ2tJdERoQnhDaVo0NEN2UjREVFlibEZnZTNyTkVrTnppNUFCZzBiZXpGWkFUczdaTEpNQWw3WWRnYVlmTzV3dkhjaGdRS0dUTzFJcDRCbGVlM0VqQ0Nvd2ozallKaVZJclZXRkxJOGVyUWZKcjhpOXBKU25GeGc0VzZjU2xnemNvRGhOVUduYWtpend4T09WV1RzSFppMjI0TWJycmFzRm41NktsRDFXVjZvVkh4ZlpjYTl2NGRqZ2Q3aDZaZWNhNkxON05sQjg4dFByVEx4Yk5ESzVEUXV1a0lYR2xRYzZ5bkF6eXJBME1vdXdlcmNDd0Y1b0xzWERNelBJR2lTVGp0c0Ria2hqRXRoMkRBQzROQ3dGb1E0bXBhNHRvSzkyYTVhOGRmSG43Q0p6VDRpOEZHbTE4WW04cG5LQlppa1hFbFlkbmltNWN1eWpGNzNvWjFkZ0x2UXBYblJHcWRPRlZEQjlza2tBZkdka2cyTEI5WXNNOXBjTjhKendONHMyc2FLQ0JLcTdCZ2RCN1g3dEZRWklJbUxmcXFhWFF2N1FDWGpmY2Vlb0w0WEJvaUE3WXlPV0ZwYnN1QWZZMjVBUkxWbUVZa1YzNFFBSWowZXdtMzVqYUZKb2oybkEyeHNwSGxMVlRidHM0TFVsdUg1WXBHMmdYelBFdEt5RHk0YUJZZ0ltdlRFVFp3WFRLVTdEbGFwY05XU29rSUk2U3cxeEJvODRreldhRU02eGs1cUpheHNQd002QnJrYmRYelV5MFF0NlFSczB5SFg0V3JyUkhsUVZ4UURiUXJmOWFveDVkcHIwd0JIa0ZDdW1hMW4wd3Z1U2xmU0t3WmJ0TmgyMnhWRlJlQTlocXFXbWhMaG9kQTVBdGRMcmQ5T2hFNXJXbUxGMG9kRFF5RGM3cHF3TFZNdlFuNEQzTGZORkpzNlpJaHNlc0V3RDlVUFcxQWZFN0pSZmVST2w0VDdWOU02aGxXWDhMWXI4bkNGTk90c0VHSkRmVUtORkFaamJlNTFPQWlCSDJEcGRyUzVscHUzWHc0dDhSa2RqZDVpRTh6Uk9DaDhITkJKdmhJTmxhUTZoNzU2ZDFxUllhS28wMHhlc0RjclV6czR6bnMwMDdJbWlmOUdRVElHM3M4b0wxaWFDOHpCWlhFdDJpT09pQXBrZUNtZkRuZUt1M0t5bExrYzhiMExVWngyTDh6MHdUUHljeVFrcDJBMGVuaGdBaVhGekFuM3l2dGpXek5DTWVpYnlob0dSQzFBQjdxQk9wZHJqUVBCbklXRGFOZ2kycHhIYnBwREtIMHpac2YwWXR4UWJJTDFwWnZlem1EdkZIbWVqYXgzNGtJWjd1dEpMMUFVaUtLZGdUb0FCQjdLWkxTT3hPVlpZbE52djY4eEd1Tng5d2xVQ3RIUUlZdEhoWGRVcFBMc2RvZ2VqWk9yOWJsbWdTSjh2b0ZXMGRUSHFXamVROTdiUUpEUGV1VkJGa09Tc29QR3ZXcU13d3liVktrV2U2MTdpblpUbndvYkpyb01KMHFpVWdZYUJCTWFEV0w2Q1RrNWp2b01ma05pN3RjU3puR1pMQ2RNdU1waVB6Z2Y4aGt1c1RTWXRYUktsUE5RMnlDVml2WmI5SHdBeElXTWtGWnpyNWplMGp5UU5CYW5tTjBSRnhuVDdGb1R6dmhNcEhPMVg2ODFqTjBnMVE2TWxsdUVGNWxKSktkMnhlWk9PSlBVT0NRYXNmNE1PNE1ENkxkenZMTGJVdkpKcTVjRW1zcWFlZGY4b3VDSnI0MWdZUUxlQVQ4Y0Z5MjBPSGVIWUNJYjhia1VKWGtwVG5BSGFxUDNrbGtraVBPMmtQZA=='". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback.

这就是元素的外观:

<link href="https://domain/bootstrap/css/bootstrap.min.css" rel="stylesheet" nonce="dkhieExybzJPSFBNaW96WHRZVjRXMlFlakxveTIzMUFUSFA1M0xEWXdQZnBya0lFZWp0MktuOXdKRGtoRm4yM2xsRm5RQmd1b3EyZUZVR2RzZ1l6c1AycEVSSXVRbFBZU3dVMG1tT1ROYnd4U1NKcnY1dHFpaGlkTWxaazVlQnZ2dXdlUkNXNWdkd210b05ySVo2SkVKU2pxVUNwWEZGYVZrR2hmeHZUb1JWODJ1VU1SVk5xaG9UZ2tQMFlhbjg3ZE83TGt3bmY3UGo2bzdxY0tXbEpvTXgwdGZvUVdZVHlIMXkzbERuTzNOS2RsaGQwdFVGWms4WmdReDU0Z0NOakM3em04Wmh1UjJ6MWFwS3lRaFJwRlhyVDREcWJOZGhqU2JOS3ZIMlRHZUM4UDhTQ0JySXBDSDIwNEVySGRrS3haV1Q4ZkxqZVRmZ3hkRFlkRVFYTmhpT3V2UXFMa3E5bnFWWGhtWDFXRGFtWVFmQU5hRm5pZUo3R0pEOVkyaWVZYTRDNUxmMzFyU2VRQ0FaTVA5N0tuSzQ5eEU5QmNYd0Ezd1BWUTVOSHAxcXpGem82MFo1VHlVeFg5Njl1WDdSZjVZazNYZ29DUDc2QVFPQ05YODYwMndna2lOMjd3b3c5VFJCOTNUZk5aWFB1bEhwdERieFpQcVVtYXJndWE1YXZaaFJzOXE2Ynp2TTBweFJ0SzVDbllUbW8wdDhGUHdyaUNPWXlrZEs5OWlGQkFQNXdaTnVrcGc0VkVDeDJuTmljMXN4cDdIbVB2bTE1VWhrNU5xbVNLZW1OWEZEcDZ5b3VqMjVNSzhJRjJGMkhTY1VmT2Z1eTJjSlhDcFlYbDN3TXRDdUxZU2UyeHFTTjdUckdhZmc0cFhhR285Z2lDTFBtUElwMlF2UVFtZWlUVWE4TUQyYnZYdTU0a1FERlJkc09EUGUwTHc1OEdKN0FBV2xCejdwcnpNYXFXajI2Rk14TWdDQ1RIWGhsWWtOMDU3QmFvUWZ5SFY2WnB4VnRwYUluYjJOelN6QU1lb1pWdllITWlKaDM3QnMxMDFOckZEUUkxS1hkZmxPZ3R2Q0k4Mm5SaEc3b09zeEVnQUhYU1dac2tFaUxPOHM2SnJ1N0dPOGZjdnNpcHdrQkFMZmxXenNUU3gwVGFXSExBS1ZsdW1BTjZmWkxkN0tpU05zdWRRQU5PY2FKMGMxSkEwYnl4NmQ4aTRCaWR5bm9DMTNuNFVYdmsyUGc1R0lKUm0xWHVjTk8xcnEyc2lsRm9GTG56T0ZoSFNDT3lVWWVaUjNDSGoweU5SQWZ3NEVEN0RDRmk4Q2ZOdXVobjg0NDN5bVFpdlBoQjI1bkVKdjNrUWNTakJtRU9WbGxCZ3EwVVY4RjJqVXVEWEFJa2dGZnJPOEhsUzhDc3hxdWw1TWI1WEJMc2xwaDlnVHlyUUJRMWdFU1ZOcWdZTjZER1BWN0diZGp3NVFUWHduYjFHWmVVT0RTU0xvSE8yNVNHazdFaExJdTVsVUZXUXF6YVRtenBjUHZRV2lLOGRCWHRkSFpESnhCUklpNnc2UEQ3akJ4emYzVFFaR0Y4ZXVENGVIaXF6YTVnVXFmazR2QU40YmlhR3FZbUd5VWlKMDduaUlxUno5bEdaaFF6MW5vYjZYaXBYV290YUVVZWgwbTlRVjBMUUdtY2txaXJCZlJldE9mckJaeVl6U043T25ja0s1R2xLTnRUdG5jUzUwR3Vpb2V6WVZRWEdpdWdaMUtoWGlEVGJibmE2eG9EWDZId1A5T0JUSklFWXBtZDJvRXhjRVpRYWhwOURyNTRoZkNLS1NlVkgyZm5VaExHcWdpa3JJc2JPUDNhVXNJUGhudW03cHRtWVhaZUdYYmRZbFFBaEFpbEpDSXRzRUlVWmJOb1BLb0pGNnl4VkJNbWxFRnEzbXg5RmdRTHBKb0txRXc0aTZwaDJDRkhtalJtWGk0OUN0U2plQXpJNVd1NmEyMno0dWxQSXl2c3lIbEVOOVJ3NE9GbWtxOEZ5Y1c3WHA2Z21VeE9PR2Rrd0NHMFd2bWdiS2JWT3RocTJEaXNUclB2cHJTSGF1RkZlY3JYeFBCdmJ0Mkc5UHRUYWNZcVVRczVWSTlUWVZkaUhLVGpXMUJaNjJYOWgzQnBmS3JKR01HOXBYNHdWeHRJcUR0R2Z0QjdndXdZeVhYN2llZUp0YjlpcHgwMmx5RWswQXJJS2ZuNENnVTVXUExXdGt6NWhyUTRScnpPdkZKN1Z1ZUF4RGJJN0lJS2FLTXhETVFXMHk1Sjc0T3NsTkVBeWtqa3RYbEp0VVAwQTJSTmd3Ym5JVkRDTjZOaDRlNEJWWWp4eWRraTM0ZzBnVEZYSERXNkluQkhrUHM5SWdoUXZHZ2RWSFVTRHRldWEzeXlFN21NY0NsenNkMUpJWHZ5MzN0MUtuUHQ0dk1COURWQ1hYSXBreERFUG10d2lhTnpBZUhiT1pza0t1dllMRjNOeDNYSjhFQUQ1dHdIQ1VBZzZTakZKd0VMVUx4ZzVhRkpZeDY2YVlIUjlTNEF0ckdpNDY2MVUwMkFxeU10WHBtUlB4UUNKN2c1ZW9zT0ROMHlHZG4wbDlHcHRHS3JyTTlTaWFEMHFFRkxRdm9HMVNOWlpJNmlXSHBaaDdoakRBRXZMSFV2V0FTTHRrUkJNbHRNZnNDT1d2ZGROYlVDcmJ4QllQRWRFbG5tZXZXU0VVN3pTNkozYXI5YjRNbjlmalhtamdicTRoa0t6eVdGQTJtTVk5cG12MUo0OVFybWJicjUxOUJiSndMdWc5cGE2Njlwend0bExXQVVuTUVVcG4yZ3hlcVc1aTloaGxUODZaUE9pbERxVzNHcklOcWo3akJNSWM0M0hJSnZzT3A5ZnpLZmVQbUxOUEt6ZElmYlRUMlQ5d05ENWpWUnYyN2pQdlBXeGxkbnFyc3FKc2ZzMVNmWmlWRWxEMWpheEx4d2xmTVBLTkFrMDFhMGJlS2VOTDhhRGdka0RScUJNZUJqZ29tZmY3T3c1R0VzYnlOeXg3SGIzMk95M240elFOVVFhQzk5ZGx3VnFDZzdNTUFMOXlOZVVTS3hCSFpvWVZTTFcyM05FZERnVnlTVll5TVF1QmtWQW9oR2JQaUU0RXlhRzRpZGpnZkVRdmViZkdnbmdqRm9sRnhNMUVGYWZ5czNjaXZnS2ltWnlHaHZicHNDVmY0SUY5SkZ4WmtwR1RvTnNldTRDT3RFWGJTVHd0UTFtZE1RcnkxN2YwM0dCc0J0M2hZVFZ4c1lUOTdyTDRCdW9OT2I1RlZSa1lmcGlkUHVUR001ZE1yQTIwU0FqZGR1VmVhRVJ6TTBnZFlaT2xTd2JzVHlQQVRJWHdGc2ZNVUVwTzRuMXpoRWJMTUpPYUVJTlJCZjZ0VUI4cDAzWGRVM0VZSVZBZXRPRHV2TklLR0dLYkE3TDExVXYwcjJNRWRvQXRTdXFEd2FNMG04R0d4UHdoMHM5UUdKSUxMTmFmc2paMFllS1BzcFQ4bHM5Vkw1SGZYZ2NyNEJ4VzhrVGNHT3pTUlNSYnhac1pnR3pUYktRWU9hUzBpM0Y0YmNDQ1Ezc3locTdlN2prQ2tJdERoQnhDaVo0NEN2UjREVFlibEZnZTNyTkVrTnppNUFCZzBiZXpGWkFUczdaTEpNQWw3WWRnYVlmTzV3dkhjaGdRS0dUTzFJcDRCbGVlM0VqQ0Nvd2ozallKaVZJclZXRkxJOGVyUWZKcjhpOXBKU25GeGc0VzZjU2xnemNvRGhOVUduYWtpend4T09WV1RzSFppMjI0TWJycmFzRm41NktsRDFXVjZvVkh4ZlpjYTl2NGRqZ2Q3aDZaZWNhNkxON05sQjg4dFByVEx4Yk5ESzVEUXV1a0lYR2xRYzZ5bkF6eXJBME1vdXdlcmNDd0Y1b0xzWERNelBJR2lTVGp0c0Ria2hqRXRoMkRBQzROQ3dGb1E0bXBhNHRvSzkyYTVhOGRmSG43Q0p6VDRpOEZHbTE4WW04cG5LQlppa1hFbFlkbmltNWN1eWpGNzNvWjFkZ0x2UXBYblJHcWRPRlZEQjlza2tBZkdka2cyTEI5WXNNOXBjTjhKendONHMyc2FLQ0JLcTdCZ2RCN1g3dEZRWklJbUxmcXFhWFF2N1FDWGpmY2Vlb0w0WEJvaUE3WXlPV0ZwYnN1QWZZMjVBUkxWbUVZa1YzNFFBSWowZXdtMzVqYUZKb2oybkEyeHNwSGxMVlRidHM0TFVsdUg1WXBHMmdYelBFdEt5RHk0YUJZZ0ltdlRFVFp3WFRLVTdEbGFwY05XU29rSUk2U3cxeEJvODRreldhRU02eGs1cUpheHNQd002QnJrYmRYelV5MFF0NlFSczB5SFg0V3JyUkhsUVZ4UURiUXJmOWFveDVkcHIwd0JIa0ZDdW1hMW4wd3Z1U2xmU0t3WmJ0TmgyMnhWRlJlQTlocXFXbWhMaG9kQTVBdGRMcmQ5T2hFNXJXbUxGMG9kRFF5RGM3cHF3TFZNdlFuNEQzTGZORkpzNlpJaHNlc0V3RDlVUFcxQWZFN0pSZmVST2w0VDdWOU02aGxXWDhMWXI4bkNGTk90c0VHSkRmVUtORkFaamJlNTFPQWlCSDJEcGRyUzVscHUzWHc0dDhSa2RqZDVpRTh6Uk9DaDhITkJKdmhJTmxhUTZoNzU2ZDFxUllhS28wMHhlc0RjclV6czR6bnMwMDdJbWlmOUdRVElHM3M4b0wxaWFDOHpCWlhFdDJpT09pQXBrZUNtZkRuZUt1M0t5bExrYzhiMExVWngyTDh6MHdUUHljeVFrcDJBMGVuaGdBaVhGekFuM3l2dGpXek5DTWVpYnlob0dSQzFBQjdxQk9wZHJqUVBCbklXRGFOZ2kycHhIYnBwREtIMHpac2YwWXR4UWJJTDFwWnZlem1EdkZIbWVqYXgzNGtJWjd1dEpMMUFVaUtLZGdUb0FCQjdLWkxTT3hPVlpZbE52djY4eEd1Tng5d2xVQ3RIUUlZdEhoWGRVcFBMc2RvZ2VqWk9yOWJsbWdTSjh2b0ZXMGRUSHFXamVROTdiUUpEUGV1VkJGa09Tc29QR3ZXcU13d3liVktrV2U2MTdpblpUbndvYkpyb01KMHFpVWdZYUJCTWFEV0w2Q1RrNWp2b01ma05pN3RjU3puR1pMQ2RNdU1waVB6Z2Y4aGt1c1RTWXRYUktsUE5RMnlDVml2WmI5SHdBeElXTWtGWnpyNWplMGp5UU5CYW5tTjBSRnhuVDdGb1R6dmhNcEhPMVg2ODFqTjBnMVE2TWxsdUVGNWxKSktkMnhlWk9PSlBVT0NRYXNmNE1PNE1ENkxkenZMTGJVdkpKcTVjRW1zcWFlZGY4b3VDSnI0MWdZUUxlQVQ4Y0Z5MjBPSGVIWUNJYjhia1VKWGtwVG5BSGFxUDNrbGtraVBPMmtQZA==">

我不明白,当样式表实际上已完美加载且现时值与CSP匹配时,为什么会发生这些错误?

真的很感谢您的帮助!

1 个答案:

答案 0 :(得分:0)

两件事突然出现在我身上

  1. 必须在原始页面加载时进行调整。您以后无法通过JavaScript添加它们。这是出于定义和目的,因为允许它们稍后被脚本加载会破坏首先使用它们的目的。以任何服务器语言(例如PHP)本身生成页面时生成随机数,并传递标题。*

  2. 不确定在特定情况下是否适用此方法,但是如果发送CSP标头,则以后不能发送第二个标头失去较早版本的安全性。您可以收紧政策,但不能放松。同样,根据定义和目的。

修改以添加:

  1. 我没有特别想起哪一个,但是有些CSP方法不能通过HTML <meta>标签起作用,而只能通过HTTP标头起作用。这是因为它们必须在页面的任何部分加载之前加载。我相信(?)随机数就是其中之一。

*正如您说的那样,您根本无法编写HTTP标头,因此您可能无法在设置中使用CSP随机数

相关问题
最新问题