由于内容安全策略,无法在 Iframe 中加载 BIRT 报告的图像
Unable to load image of BIRT report in Iframe due to content security policy
我尝试在 iframe 中加载 BIRT 报告时收到以下错误消息。我在开发人员控制台中收到以下错误。
Error Message:
"Mixed Content: The page at 'https://someserver.com/payrollRecon/StatisticsReport_>efreshReport.action' was loaded over HTTPS, but requested an insecure plugin resource 'http://someserver.com/birt/preview?__sessionId=20190410_063733_547&__imageid=custom272bcb9e16a06cfee3f1.svg'. This request has been blocked; the content must be served over HTTPS."
我的 content-security-policy header 设置如下:
upgrade-insecure-requests; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://someserver.com/birt/ https://someserver.com/birtuat/; object-src *; style-src 'self' 'unsafe-inline' https://someserver.com/birt/ https://someserver.com/birtuat/; img-src *; frame-src 'self' https://someserver.com/birt/ https://someserver.com/birtuat/ https:; font-src 'self' data:; connect-src 'self'
upgrade-insecure-request CSP 指令应该将 URL 升级到 https,但由于某种原因,它没有升级。
upgrade-insecure-request 添加到 csp 指令以将请求升级到 https。但是不工作。
我通过修改 BIRT 报告 jsp 文件中的代码,设法将 url 升级到 https。我修改了 RequesterFragment.jsp、RunFragment.jsp 和 FramesetFragment.jsp 文件以将请求升级到 https。
在上述文件中向 baseHref 添加了 https 架构。
我尝试在 iframe 中加载 BIRT 报告时收到以下错误消息。我在开发人员控制台中收到以下错误。
Error Message:
"Mixed Content: The page at 'https://someserver.com/payrollRecon/StatisticsReport_>efreshReport.action' was loaded over HTTPS, but requested an insecure plugin resource 'http://someserver.com/birt/preview?__sessionId=20190410_063733_547&__imageid=custom272bcb9e16a06cfee3f1.svg'. This request has been blocked; the content must be served over HTTPS."
我的 content-security-policy header 设置如下:
upgrade-insecure-requests; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://someserver.com/birt/ https://someserver.com/birtuat/; object-src *; style-src 'self' 'unsafe-inline' https://someserver.com/birt/ https://someserver.com/birtuat/; img-src *; frame-src 'self' https://someserver.com/birt/ https://someserver.com/birtuat/ https:; font-src 'self' data:; connect-src 'self'
upgrade-insecure-request CSP 指令应该将 URL 升级到 https,但由于某种原因,它没有升级。
upgrade-insecure-request 添加到 csp 指令以将请求升级到 https。但是不工作。
我通过修改 BIRT 报告 jsp 文件中的代码,设法将 url 升级到 https。我修改了 RequesterFragment.jsp、RunFragment.jsp 和 FramesetFragment.jsp 文件以将请求升级到 https。
在上述文件中向 baseHref 添加了 https 架构。