首页 > 自言自语 > 正文

今天重新部署了的分类页面,发现php文件有问题,是因为nginx导致的

问题:

Content Security Policy: 页面设置阻止读取位于 http://satc.dataoke.com/dest/js/dtksatc.js?v=1669737600000 的一项资源(“script-src”)。

Refused to load the script ‘<URL>’ because it violates the following Content Security Policy directive: “script-src ‘self’ ‘unsafe-inline’ ‘unsafe-eval'”. Note that ‘script-src-elem’ was not explicitly set, so ‘script-src’ is used as a fallback.

这些都是一些nginx配置问题

不要轻易设置下面的内容:

#add_header X-XSS-Protection          "1; mode=block" always;
#add_header X-Content-Type-Options    "nosniff" always;
#add_header Referrer-Policy           "no-referrer-when-downgrade" always;

#add_header Content-Security-Policy   "default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';" always;
#add_header Permissions-Policy        "interest-cohort=()" always;
#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

猜你喜欢
发表评论

电子邮件地址不会被公开。 必填项已用*标注

评论信息
picture loss