[英]Content Security Policy style-src refuses to load in Safari
使用Safari 11.0时,我尝试在我维护的网站上加载CSS资源时收到错误消息。 该页面在Chrome和Firefox中可以很好地加载,而在Safari中可以很好地加载,因此我不确定如何解决它。 我猜我需要修改Content-Security-Policy标头。
Safari控制台中的特定错误被Refused to load https://****.com/css/styles.css because it does not appear in the style-src directive of the Content Security Policy. 因此,无法加载styles.css文件,并且网站呈现不正确。
该网站的安全标头(通过Caddy设置)为:
Content-Security-Policy default-src 'self' https:; script-src 'self'; style-src 'self'; object-src 'none' Content-Type text/html; charset=utf-8 Referrer-Policy strict-origin Server Caddy Strict-Transport-Security max-age=31536000; includeSubDomains; preload
更改Content-Security-Policy标头值的style-src部分,使其改为style-src 'self' https://****.com 。 也就是说,使用实际的主机名替换https://****.com的****.com 。
Safari 浏览器中无法识别的内容安全策略指令“worker-src”
[英]Unrecognized Content Security Policy directive 'worker-src' in Safari Browser
Safari 出现错误“拒绝连接到 _____,因为它没有出现在内容安全策略的 connect-src 指令中。”
[英]Safari Gives Error "Refused to connect to _____ because it does not appear in the connect-src directive of the Content Security Policy."
仅 Safari:拒绝连接到...,因为它没有出现在内容安全策略的 connect-src 指令中
[英]Safari only: Refused to connect to ... because it does not appear in the connect-src directive of the Content Security Policy
Safari 不理解我的 Content-Security-Policy 标头
[英]Safari doesn't understand my Content-Security-Policy headers
Safari:无法识别的Content-Security-Policy指令'frame-ancestors'
[英]Safari: Unrecognized Content-Security-Policy directive 'frame-ancestors'
为什么我的开放内容安全策略在 Safari 中仍然是一个问题?
[英]Why is my wide open Content-Security-Policy still an issue in Safari?
由于 Content-Security-Policy 问题,Safari 无法从 blob 创建 Worker
[英]Safari unable to create Worker from blob due to Content-Security-Policy issue
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
