content-security-policy

Safari content security policy support [closed]

冷暖自知 submitted on 2019-12-25 09:43:40
Question: Where can I find out what content security policy (CSP) features are supported by the Safari browser? I am getting error reports only for Safari and want to confirm whether or not Safari supports the policy I have in place. My Policy: base-uri; object-src; script-src https://*.example.com *.example.com 'nonce

Cordova app can't connect with Dynamics NAV Web-Service (ODATA) after update to iOS 10

那年仲夏 submitted on 2019-12-25 04:28:26
Question: We are developing an app with Cordova that syncs information with an ODATA Web-Service made available by a Microsoft Dynamics NAV 2013 Middle tier. Under Android there is no problem with the connection and under iOS 8 and 9 it works as well. On devices using iOS 10 the connection does not work and returns an HTTP 400 Bad Request error. The connection has the following structure (this is test code, works on Android and iOS 8 and 9, but not on iOS 10) var xreq = new XMLHttpRequest(); xreq.open(

How to use Content-Security-Policy with localhost files

无人久伴 submitted on 2019-12-24 15:27:43
Question: I am getting the following error on my page: Refused to load the script 'http://127.0.0.1:35729/livereload.js' because it violates the following Content Security Policy directive: "script-src https: 'unsafe-inline' 'unsafe-eval'". HTML <meta http-equiv="Content-Security-Policy" content="default-src * 'unsafe-inline'; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *;"> </head> <body> <script src

What is the current best-practice for using Content-Security-Policy with modernizr?

吃可爱长大的小学妹 submitted on 2019-12-24 10:47:01
Question: We want to secure our site with Content-Security-Policy, and even with the setting of allowing inline scripts (default-src 'self'; script-src 'self' 'unsafe-inline'), loading modernizr (2.6.2) produces 4 CSP violations: I upgraded to the latest version (3.6.0), the develop version, and now it produces over 30 CSP violations: I couldn't find any official statement on CSP on the modernizr site; it merely mentions that in 2012, they added a detect for Content Security Policy (https://modernizr

Refused to load the script because it violates the following Content Security Policy directive: script-src error with ChromeDriver Chrome and Selenium

我与影子孤独终老i submitted on 2019-12-24 10:44:17
Question: I am trying to scrape the phone number from these links "https://www.practo.com/delhi/doctor/dr-meeka-gulati-dentist-3?specialization=Dentist&practice_id=722421" and "https://www.practo.com/delhi/doctor/dr-rajeev-puri-ear-nose-throat-ent-specialist?specialization=Ear-Nose-Throat%20(ENT)%20Specialist&practice_id=912154". If the element is present, it scrapes the phone number; otherwise the phone number is None. Spider Code: from selenium import webdriver from selenium.webdriver.common.by import By from selenium

How to configure CSP-headers with express/node.js?

痞子三分冷 submitted on 2019-12-24 09:03:28
Question: I try to get the tags working in an express/node.js environment but somehow they always get blocked by the content security policy. I already tried using multiple node-modules like express-csp-header or csp-header but none of them did the trick. So I went back to 'normal' declaration. This is at the top of my server.ts script: app.use((req: any, res: any, next: any) => { res.set({ "Access-Control-Allow-Origin": "*", "Access-Control-Allow-Headers": "Origin, X-Requested-With, Content-Type,

“Refused to load the image” in a Chrome App

僤鯓⒐⒋嵵緔 submitted on 2019-12-24 02:43:08
Question: I have this problem in Dart: Refused to load the image 'https://**.png' because it violates the following Content Security Policy directive: "img-src 'self' data: chrome-extension-resource:". when I try to set src in an image element ImageButtonInputElement button = new ImageButtonInputElement(); button.className="button_element"; button.src=el["imageUrl"]; //like "https://**.png" with this manifest.json "content_security_policy":"img-src https://server.example.org" Would someone know how to help me?

“Refused to load the image” in a Chrome App

牧云@^-^@ submitted on 2019-12-24 02:43:02
Question: I have this problem in Dart: Refused to load the image 'https://**.png' because it violates the following Content Security Policy directive: "img-src 'self' data: chrome-extension-resource:". when I try to set src in an image element ImageButtonInputElement button = new ImageButtonInputElement(); button.className="button_element"; button.src=el["imageUrl"]; //like "https://**.png" with this manifest.json "content_security_policy":"img-src https://server.example.org" Would someone know how to help me?

Strange CSP error in Firefox

这一生的挚爱 submitted on 2019-12-24 00:58:15
Question: I recently added the following CSP policies for https://stefan.sofa-rockers.org/ default-src 'self'; style-src 'self' https://brick.a.ssl.fastly.net; font-src 'self' https://brick.a.ssl.fastly.net It seems to work well on all browsers, but Firefox is showing me this strange, truncated error message: Content Security Policy: The page’s settings blocked the loading of a resource at self (“default-src https://stefan.sofa-rockers.org”). Source: (function (ERROR) { const V8_STACK_.... stefan.sofa

Facebook Login JavaScript SDK, Content Security Policy

妖精的绣舞 submitted on 2019-12-24 00:37:30
Question: I've implemented login with Facebook (with the JavaScript SDK method) in my website. It works perfectly if I disable my CSP (content security policy) but won't work if I enable it. Below is my CSP code; can anyone enlighten me, what did I miss? default-src 'none'; connect-src 'self'; frame-src https://www.facebook.com https://staticxx.facebook.com http://staticxx.facebook.com; img-src 'self' https://*.facebook.com https://scontent.xx.fbcdn.net; script-src 'self' https://code.jquery.com https:/