Nginx CSP frame-src被忽略了
[英]Nginx CSP frame-src ignored
问题描述
I have an Nginx CSP configured as follows: 
我有一个Nginx CSP配置如下:
add_header Content-Security-Policy "default-src 'self';script-src 'self' 'unsafe-eval' https://www.google-analytics.com/analytics.js;img-src 'self' https://ssl.google-analytics.com data:;style-src 'self' 'unsafe-inline';font-src 'self' 'unsafe-inline';frame-src 'self' https:;object-src 'self';connect-src 'self' ws:;media-src 'self'
When I try to load a page in Chrome I see: 当我尝试在Chrome中加载页面时,我看到:
Refused to frame 'https://myexternalwebsite.com/a/b/index.html' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'frame-src' was not explicitly set, so 'default-src' is used as a fallback.
In my CSP frame-src is clearly set and has the values 'self' and https: 在我的CSP框架中,src显然已设置并具有值'self'和https:
What could I be doing wrong? 我能做错什么?
1 个解决方案
解决方案1
0 已采纳 2017-03-05 16:24:30
A bit strange but I managed to fix this by specifying: 有点奇怪,但我设法通过指定:
frame-src 'self' *;
This satisfies my requirements. 这满足了我的要求。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
相关问题
Nginx CSP 脚本 hash 被阻止 - Nginx CSP script hash blocked
在 nginx 中忽略位置 - Location ignored in nginx
Nginx重写-上次被忽略吗? - Nginx Rewrite - Last Ignored?
Nginx 中的服务器块被忽略 - Serverblock being ignored in Nginx
Nginx 重定向被忽略 - Nginx redirect being ignored
GitLab上的NginX Server块被忽略 - NginX Server block on GitLab is ignored
NGINX auth_request 被忽略 - NGINX auth_request is ignored
在 NextJS、nginx 和 Material-ui(SSR) 中使用 CSP - Using CSP in NextJS, nginx and Material-ui(SSR)
如何使用角度的随机数方法在 nginx 中配置 CSP? - How to configure CSP in nginx using nonce approach in angular?
nginx CSP不允许明确允许的Google Analytics(分析)脚本 - nginx CSP not allowing explicitly permitted google analytics script
相关标签