今天重新部署了的分类页面,发现php文件有问题,是因为nginx导致的
问题:
Content Security Policy: 页面设置阻止读取位于 http://satc.dataoke.com/dest/js/dtksatc.js?v=1669737600000 的一项资源(“script-src”)。
Refused to load the script ‘<URL>’ because it violates the following Content Security Policy directive: “script-src ‘self’ ‘unsafe-inline’ ‘unsafe-eval'”. Note that ‘script-src-elem’ was not explicitly set, so ‘script-src’ is used as a fallback.
这些都是一些nginx配置问题
不要轻易设置下面的内容:
#add_header X-XSS-Protection "1; mode=block" always; #add_header X-Content-Type-Options "nosniff" always; #add_header Referrer-Policy "no-referrer-when-downgrade" always; #add_header Content-Security-Policy "default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';" always; #add_header Permissions-Policy "interest-cohort=()" always; #add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
猜你喜欢
发表评论
电子邮件地址不会被公开。 必填项已用*标注