CSP header 因 "Refused to apply inline style..." 失败,但我已经添加了哈希
CSP header fails with "Refused to apply inline style..." but I have already added the hash
得到
Refused to apply inline style because it violates the following
Content Security Policy directive: "style-src 'self'
'sha256-UTjtaAWWTyzFjRKbltk24jHijlTbP20C1GUYaWPqg7E='
'sha256-lAjyGSIzNSfpcl56itQltlKnBClAWcbXqXwsWgwPBDM='
'sha256-IQ1w928Id2I18HopWjf2QH1yWRabHjMmdIigddkJsjk='
'sha256-gx2qS9lINA9HjEhSBFaGgUjlVL1GCqJxyGoHpGODeo8=' 'sha256-nFZFLbV913URty3kcgmuV3NUKJUM9TYhEZ+OkHy6DxU='
'sha256-xfnLUXCYTisGE0l0rOaR+OgO5EG+uV25p4QNcjB5dWg='
'sha256-TUXjxBhzs16+YXaJCnt/+EyyEldkUoAz/SvQCm05hFw=' blob:". Either
the 'unsafe-inline' keyword, a hash
('sha256-gx2qS9lINA9HjEhSBFaGgUjlVL1GCqJxyGoHpGODeo8='), or a
nonce ('nonce-...') is required to enable inline execution.
但是请注意,它要我添加的散列已经存在。
使用最新的Chrome。
我的 CSP header 有什么问题?
你被坑了。内联样式有2种:
得到
Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self' 'sha256-UTjtaAWWTyzFjRKbltk24jHijlTbP20C1GUYaWPqg7E=' 'sha256-lAjyGSIzNSfpcl56itQltlKnBClAWcbXqXwsWgwPBDM=' 'sha256-IQ1w928Id2I18HopWjf2QH1yWRabHjMmdIigddkJsjk=' 'sha256-gx2qS9lINA9HjEhSBFaGgUjlVL1GCqJxyGoHpGODeo8=' 'sha256-nFZFLbV913URty3kcgmuV3NUKJUM9TYhEZ+OkHy6DxU=' 'sha256-xfnLUXCYTisGE0l0rOaR+OgO5EG+uV25p4QNcjB5dWg=' 'sha256-TUXjxBhzs16+YXaJCnt/+EyyEldkUoAz/SvQCm05hFw=' blob:". Either the 'unsafe-inline' keyword, a hash ('sha256-gx2qS9lINA9HjEhSBFaGgUjlVL1GCqJxyGoHpGODeo8='), or a nonce ('nonce-...') is required to enable inline execution.
但是请注意,它要我添加的散列已经存在。
使用最新的Chrome。
我的 CSP header 有什么问题?
你被坑了。内联样式有2种: