[英]How do I load page using Jquery AJAX while using 'default-src 'none'' in CSP
How can I load a page in a DIV using jquery with the default-src 'none'
?如何使用 jquery 和default-src 'none'
在 DIV 中加载页面?
I have checked my website using https://observatory.mozilla.org But I have one problem:我已经使用https://observatory.mozilla.org检查了我的网站,但我有一个问题:
It says that I should have default-src
to 'none'
, but my site contains jQuery which loads a page inside Div, and reloads it every 5 seconds (a chat system).它说我应该将default-src
设置为'none'
,但我的网站包含 jQuery ,它在 Div 中加载一个页面,并每 5 秒重新加载一次(聊天系统)。
The JS code is: JS代码是:
function loadlink(){
let loadURL = "/contact_live_chat/chat_display.html";
let loadCallback = function(){
$("#messages").scrollTop($('#messages').prop("scrollHeight"));
}
$('#messages').load(loadURL, loadCallback);
}
$(document).ready(function(){
$('#submit').click(function(e) {
e.preventDefault();
$.ajax({
type: 'POST',
url: '/contact_live_chat/chat_display.html?sendmessage=1',
data: {content: $('#contentofmessage').val()},
success: loadlink
});
$('#contentofmessage').val('');
});
loadlink(); // This will run on page load
setInterval(function () {
var scrollTarget = $('#messages');
var pos = scrollTarget.scrollTop();
scrollTarget.load('/contact_live_chat/chat_display.html', function() {
$('#messages').scrollTop(pos);
});
},5000);
})
But I get this error in the browser:但我在浏览器中收到此错误:
Content Security Policy: The page's settings blocked the loading of a resource at https://www.example.com/contact_live_chat/chat_display.html (“default-src”).内容安全策略:页面设置阻止加载https://www.example.com/contact_live_chat/chat_display.html (“default-src”)的资源。
Is there any other directive other than default-src which can help with this?除了 default-src 之外,还有其他指令可以帮助解决这个问题吗?
CSP is: CSP 是:
Header always set Content-Security-Policy "default-src 'none'; img-src data: https: 'self'; script-src 'self'; object-src 'none'; frame-ancestors 'none'; style-src 'self'; base-uri 'none'; form-action 'self'; media-src https: 'self'; frame-src 'none'; child-src 'none'"
How can I load a page in a DIV using jquery with the default-src 'none'
?如何使用 jquery 和default-src 'none'
在 DIV 中加载页面?
I have checked my website using https://observatory.mozilla.org But I have one problem:我已经使用https://observatory.mozilla.org检查了我的网站,但我有一个问题:
It says that I should have default-src
to 'none'
, but my site contains jQuery which loads a page inside Div, and reloads it every 5 seconds (a chat system).它说我应该将default-src
设置为'none'
,但我的网站包含 jQuery ,它在 Div 中加载一个页面,并每 5 秒重新加载一次(聊天系统)。
The JS code is: JS代码是:
function loadlink(){
let loadURL = "/contact_live_chat/chat_display.html";
let loadCallback = function(){
$("#messages").scrollTop($('#messages').prop("scrollHeight"));
}
$('#messages').load(loadURL, loadCallback);
}
$(document).ready(function(){
$('#submit').click(function(e) {
e.preventDefault();
$.ajax({
type: 'POST',
url: '/contact_live_chat/chat_display.html?sendmessage=1',
data: {content: $('#contentofmessage').val()},
success: loadlink
});
$('#contentofmessage').val('');
});
loadlink(); // This will run on page load
setInterval(function () {
var scrollTarget = $('#messages');
var pos = scrollTarget.scrollTop();
scrollTarget.load('/contact_live_chat/chat_display.html', function() {
$('#messages').scrollTop(pos);
});
},5000);
})
But I get this error in the browser:但我在浏览器中收到此错误:
Content Security Policy: The page's settings blocked the loading of a resource at https://www.example.com/contact_live_chat/chat_display.html (“default-src”).内容安全策略:页面设置阻止加载https://www.example.com/contact_live_chat/chat_display.html (“default-src”)的资源。
Is there any other directive other than default-src which can help with this?除了 default-src 之外,还有其他指令可以帮助解决这个问题吗?
CSP is: CSP 是:
Header always set Content-Security-Policy "default-src 'none'; img-src data: https: 'self'; script-src 'self'; object-src 'none'; frame-ancestors 'none'; style-src 'self'; base-uri 'none'; form-action 'self'; media-src https: 'self'; frame-src 'none'; child-src 'none'"
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.