`content-security-policy: default-src https:;` blocks resource loading at inline 1:1
`Content-Security-Policy: default-src https:; report-uri https://rootkea.report-uri.com/r/d/csp/enforce` is set on the site.

Whenever I visit the site, the console shows:

```
Content Security Policy: The page’s settings blocked the loading of a resource at inline (“default-src”). rootkea.me:1:1
```

At 1:1 I have `<!DOCTYPE html>`.

As can be seen from the source:
```html
<!DOCTYPE html>
<html>
  <head>
    <meta charset="utf-8">
    <meta name="generator" content="GitLab Pages">
    <title>Plain HTML site using GitLab Pages</title>
    <link rel='stylesheet' href='https://d33wubrfki0l68.cloudfront.net/css/ec5b55aee5efed4317d1380a75fc4c3df003f096/style.css'/>
  </head>
  <body>
    <div class="navbar">
      <a href="https://rootkea.me/">Home</a>
      <a href="https://blog.rootkea.me/" target="_blank">Blog</a>
    </div>
    <h1>Hello World!</h1>
  </body>
</html>
```
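So, what am I missing?

My debugging was poor. I should have debugged in a fresh Firefox profile first.

Anyway, the culprit was the Google Analytics Opt-out Add-on (by Google) extension. I disabled it, and the CSP errors no longer appear in the console.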
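The check the question performs by eye (the served source contains nothing inline, so the blocked "inline" resource must come from somewhere else) can be done mechanically before reaching for a clean browser profile. The following is an added example, not code from the original question or answer; the function names and regex patterns are assumptions of this example, and the scan is a triage heuristic rather than a full HTML parser.

```javascript
// Inline constructs that `default-src https:` blocks: script-src and style-src
// fall back to default-src, which here has no 'unsafe-inline', nonce or hash.
// Regex triage with hypothetical helper names; attribute values can false-positive.
const INLINE_PATTERNS = [
  { kind: "inline <script>", re: /<script\b(?![^>]*\bsrc\s*=)[^>]*>/gi },
  { kind: "inline <style>", re: /<style\b[^>]*>/gi },
  { kind: "style attribute", re: /<[a-z][^>]*\sstyle\s*=/gi },
  { kind: "event handler attribute", re: /<[a-z][^>]*\son[a-z]+\s*=/gi },
  { kind: "javascript: URL", re: /<[a-z][^>]*\s(?:href|src|action)\s*=\s*["']?\s*javascript:/gi },
];

// Every inline construct in the served markup, with 1-based line and column.
function findInlineSources(html) {
  const findings = [];
  for (const { kind, re } of INLINE_PATTERNS) {
    for (const m of html.matchAll(re)) {
      const before = html.slice(0, m.index);
      const line = before.split("\n").length;
      const column = m.index - before.lastIndexOf("\n");
      findings.push({ kind, line, column });
    }
  }
  return findings.sort((a, b) => a.line - b.line || a.column - b.column);
}

// Nothing inline in the served bytes means the blocked resource was added at
// runtime in the browser (an extension or DOM modification), not by the server.
function inlineViolationOrigin(html) {
  return findInlineSources(html).length > 0 ? "served-markup" : "injected-client-side";
}

// Markup from the question, as served by the site.
const SERVED_HTML = `<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="generator" content="GitLab Pages">
<title>Plain HTML site using GitLab Pages</title>
<link rel='stylesheet' href='https://d33wubrfki0l68.cloudfront.net/css/ec5b55aee5efed4317d1380a75fc4c3df003f096/style.css'/>
</head>
<body>
<div class="navbar">
<a href="https://rootkea.me/">Home</a>
<a href="https://blog.rootkea.me/" target="_blank">Blog</a>
</div>
<h1>Hello World!</h1>
</body>
</html>`;
console.log(inlineViolationOrigin(SERVED_HTML), findInlineSources(SERVED_HTML));
```

For the question's markup the scan finds nothing, which points at content injected in the browser and matches the answer's finding that an extension was responsible.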