永久加载
Perpetual Loading
我有一个使用 identityserver3 的身份服务器设置,每当我在登录后连接到我的站点时,它就会陷入看起来像永久重定向的状态。
我打开了日志记录,我注意到其中有一些与 CSP 相关的行,这让我认为这是问题所在,但我不知道如何解决它。
2016-01-13 12:43:17.738 -05:00 [Information] rendering login page
2016-01-13 12:43:18.203 -05:00 [Information] CSP Report endpoint requested
2016-01-13 12:43:18.208 -05:00 [Information] CSP Report data: "{\"csp-report\":{\"blocked-uri\":\"self\",\"document-uri\":\"http://example.com.com:44200/core/login?signin=someGuid\",\"line-number\":1,\"original-policy\":\"default-src http://example.com:44200; script-src http://example.com:44200; style-src http://example.com:44200 'unsafe-inline'; img-src *; report-uri http://example.com:44200/core/csp/report\",\"referrer\":\"\",\"script-sample\":\"try { for(var lastpass_iter=0; lastpass...\",\"source-file\":\"http://example.com:44200/core/login?signin=someGuid\",\"violated-directive\":\"script-src http://example.com:44200\"}}"
2016-01-13 12:43:18.208 -05:00 [Information] CSP Report data: "{\"csp-report\":{\"blocked-uri\":\"self\",\"document-uri\":\"http://example.com:44200/core/login?signin=someGuid\",\"original-policy\":\"default-src http://example.com:44200; script-src http://example.com:44200; style-src http://example.com:44200 'unsafe-inline'; img-src *; report-uri http://example.com:44200/core/csp/report\",\"referrer\":\"\",\"script-sample\":\"onerror attribute on IMG element\",\"source-file\":\"http://example.com:44200/core/login?signin=someGuid\",\"violated-directive\":\"script-src http://example.com:44200\"}}"
2016-01-13 12:43:18.223 -05:00 [Information] CSP Report data: "{\"csp-report\":{\"blocked-uri\":\"data:image/png;base64,someText\",\"document-uri\":\"http://example.com:44200/core/login?signin=someGuid\",\"original-policy\":\"default-src http://example.com:44200; script-src http://example.com:44200; style-src http://example.com:44200 'unsafe-inline'; img-src *; report-uri http://example.com:44200/core/csp/report\",\"referrer\":\"\",\"violated-directive\":\"img-src *\"}}"
2016-01-13 12:43:18.226 -05:00 [Information] Rendering 204
您可以使用 IdentityServerOptions 的 CSPOptions 属性 修改 CSP 选项。在此处查找文档:https://identityserver.github.io/Documentation/docsv2/advanced/csp.html
如果您想测试 CSP 是否是您的问题,您可以尝试使用这些选项完全禁用它。
查看日志,您可能需要将值 'self' 添加到 ScriptSrc。
我有一个使用 identityserver3 的身份服务器设置,每当我在登录后连接到我的站点时,它就会陷入看起来像永久重定向的状态。
我打开了日志记录,我注意到其中有一些与 CSP 相关的行,这让我认为这是问题所在,但我不知道如何解决它。
2016-01-13 12:43:17.738 -05:00 [Information] rendering login page
2016-01-13 12:43:18.203 -05:00 [Information] CSP Report endpoint requested
2016-01-13 12:43:18.208 -05:00 [Information] CSP Report data: "{\"csp-report\":{\"blocked-uri\":\"self\",\"document-uri\":\"http://example.com.com:44200/core/login?signin=someGuid\",\"line-number\":1,\"original-policy\":\"default-src http://example.com:44200; script-src http://example.com:44200; style-src http://example.com:44200 'unsafe-inline'; img-src *; report-uri http://example.com:44200/core/csp/report\",\"referrer\":\"\",\"script-sample\":\"try { for(var lastpass_iter=0; lastpass...\",\"source-file\":\"http://example.com:44200/core/login?signin=someGuid\",\"violated-directive\":\"script-src http://example.com:44200\"}}"
2016-01-13 12:43:18.208 -05:00 [Information] CSP Report data: "{\"csp-report\":{\"blocked-uri\":\"self\",\"document-uri\":\"http://example.com:44200/core/login?signin=someGuid\",\"original-policy\":\"default-src http://example.com:44200; script-src http://example.com:44200; style-src http://example.com:44200 'unsafe-inline'; img-src *; report-uri http://example.com:44200/core/csp/report\",\"referrer\":\"\",\"script-sample\":\"onerror attribute on IMG element\",\"source-file\":\"http://example.com:44200/core/login?signin=someGuid\",\"violated-directive\":\"script-src http://example.com:44200\"}}"
2016-01-13 12:43:18.223 -05:00 [Information] CSP Report data: "{\"csp-report\":{\"blocked-uri\":\"data:image/png;base64,someText\",\"document-uri\":\"http://example.com:44200/core/login?signin=someGuid\",\"original-policy\":\"default-src http://example.com:44200; script-src http://example.com:44200; style-src http://example.com:44200 'unsafe-inline'; img-src *; report-uri http://example.com:44200/core/csp/report\",\"referrer\":\"\",\"violated-directive\":\"img-src *\"}}"
2016-01-13 12:43:18.226 -05:00 [Information] Rendering 204
您可以使用 IdentityServerOptions 的 CSPOptions 属性 修改 CSP 选项。在此处查找文档:https://identityserver.github.io/Documentation/docsv2/advanced/csp.html
如果您想测试 CSP 是否是您的问题,您可以尝试使用这些选项完全禁用它。
查看日志,您可能需要将值 'self' 添加到 ScriptSrc。