[英]Unable to employ AutoFac correctly in a repository setting using the ASP.NET MVC HTML5 Boilerplate
[英]ASP.NET MVC HTML5 Boilerplate - Content Security Policy is killing all external scripts, even “whitelisted” ones
當前的項目:
因此,它似乎是從外面什么我開發的網站被停止, 冷 ,由內容安全策略。 是的,該表格的底部應該有一個Google ReCaptcha。 看不到了嗎? 是的...... 盡管像ajax.googleapis.com
這樣的東西被認為是通過FilterConfig.cs
“列入白名單”。
當我訪問我的網站並嘗試加載它時,我收到控制台錯誤:
Content Security Policy: The page's settings blocked the loading of a resource at https://www.google.com/recaptcha/api.js ("script-src http://http://www.taskgenerator.ca http://localhost:* http://ajax.googleapis.com http://ajax.aspnetcdn.com").
當我將www.google.com
添加到FilterConfig.cs
的CspScriptSrcAttribute()
FilterConfig.cs
,我收到以下錯誤:
Content Security Policy: The page's settings blocked the loading of a resource at https://www.gstatic.com/recaptcha/api2/r20160913151359/recaptcha__en.js ("script-src http://http://www.taskgenerator.ca http://localhost:* http://www.google.com http://ajax.googleapis.com http://ajax.aspnetcdn.com").
當我添加www.gstatic.com
我收到以下錯誤:
Content Security Policy: The page's settings blocked the loading of a resource at https://www.google.com/recaptcha/api2/anchor?k=6LdHZB4TAAAAAMj_6F7h1ahYTNAjtHqRvWLj_FBx&co=aHR0cDovL3Rhc2tnZW5lcmF0b3IubG9jYWxob3N0Ojgw&hl=en&v=r20160913151359&size=normal&cb=lvhf93b5gk4z ("default-src 'none'").
盡管已按上述方式將www.google.com
列入白名單。
這種情況一直發生在&#$!%(@ rabbit hole。似乎沒有結束。我只想在網站上添加一個愚蠢的ReCaptcha - 這應該有多難? ?
我非常確信無條件地從項目中刪除了HTML5樣板,並將其原始/自定義/默認只是為了避免這些棘手的顯示停止的關鍵錯誤。
請告訴我:
HTML5 MVC Boilerplate頁面在這方面提供了ZERO建議 。
編輯:
我的FilterConfig.cs
的代碼最初是這樣的:
filters.Add(
new CspScriptSrcAttribute() {
CustomSources = string.Join(
" ",
#if DEBUG
"localhost:*",
#endif
ContentDeliveryNetwork.Google.Domain,
ContentDeliveryNetwork.Microsoft.Domain
),
Self = true,
});
使用常量( contentdeliverynetwork.cs
)如下:
public static class ContentDeliveryNetwork {
public static class Google {
public const string Domain = "ajax.googleapis.com";
public const string JQueryUrl = "//ajax.googleapis.com/ajax/libs/jquery/2.2.3/jquery.min.js";
}
public static class MaxCdn {
public const string Domain = "maxcdn.bootstrapcdn.com";
public const string FontAwesomeUrl = "//maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css";
}
public static class Microsoft {
public const string Domain = "ajax.aspnetcdn.com";
public const string JQueryValidateUrl = "//ajax.aspnetcdn.com/ajax/jquery.validate/1.15.0/jquery.validate.min.js";
public const string JQueryValidateUnobtrusiveUrl = "//ajax.aspnetcdn.com/ajax/mvc/5.2.3/jquery.validate.unobtrusive.min.js";
public const string ModernizrUrl = "//ajax.aspnetcdn.com/ajax/modernizr/modernizr-2.8.3.js";
public const string BootstrapUrl = "//ajax.aspnetcdn.com/ajax/bootstrap/3.3.6/bootstrap.min.js";
}
}
甚至修改以下內容:
filters.Add(
new CspScriptSrcAttribute() {
CustomSources = string.Format("google.com www.gstatic.com www.google.com localhost:* ajax.googleapis.com ajax.aspnetcdn.com"),
Self = true,
});
沒有幫助。
Chrome通常會告訴您已找到的阻止內容。 您只需要添加它告訴您的所有異常。 也就是說,如果要關閉CSP,請注釋掉以下行:
public static class FilterConfig
{
public static void RegisterGlobalFilters(GlobalFilterCollection filters)
{
AddSearchEngineOptimizationFilters(filters);
AddSecurityFilters(filters);
AddContentSecurityPolicyFilters(filters); // Comment this out
}
// ...Omitted
}
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.