What does status 200 mean in a CSP report?
I have the following CSP report:
"csp-report": {
"effective-directive": "script-src",
"referrer": "",
"status-code": 200,
"original-policy": "img-src 'self' data: https://redacted-development.s3.amazonaws.com https://s3.eu-west-2.amazonaws.com https://app.appzi.io https://cdn.ywxi.net https://randomuser.me;object-src 'none';form-action 'self';frame-ancestors 'none';base-uri 'self';report-uri /report-csp;script-src 'strict-dynamic' 'unsafe-inline' 'nonce-M2EyZTVhMzItNDY5My00YTI5LWE3MzEtM2NjMjdjMjc0ZmQ0' 'nonce-M2JiODg4NWQtODJjNy00MTZjLTkyYzMtZjY1MDIyMDQwYzgw' 'nonce-M2Y3MDQ1YWUtNThiZi00MWI3LTg1NzQtYjg2NDAxMmE1YjZl' 'nonce-MjMyMjUxZGUtZTQ1MS00OGZlLTk2NGYtZGM0NzQwZDBlOGQx' 'nonce-Mjg2M2U1ZTgtZmYyNS00YzllLWI1ZDItODY1NWUxNjIxMzQx' 'nonce-MmMyMmQyNWYtNWU4OC00NjRhLWEzNDYtYjc1NDg4ZTMzOGUy' 'nonce-MzZjZTE4MGItMWQyZi00YzRhLWFhMmQtMjlhMjg1ZTQzZDdl' 'nonce-NDExZTg5MjYtODQ1ZC00ZTE5LThjYmEtYmU3NmY5ZDg2MjI0' 'nonce-NDhiNmU5YjktYzEyYS00NjFjLWJmMWItNzU0MzI2NTlkOGNh' 'nonce-NWI2Yzg1YzktN2JkZC00OGY5LWFhODktZTFhN2MxZTUxNTNj' 'nonce-NzFjNTUzN2YtMWQ3MC00ODY5LWJhYmUtOGYxYjBiZjc0Y2Yx' 'nonce-NzgzNjI3ZDctNWU0ZC00ZWI0LThiN2UtODk5NWFhODNjY2Zj' 'nonce-OTUwNzMyM2EtZmExMS00NjA1LThjNGMtZjQzYTFiZTM4NmQx' 'nonce-OWIxZDNlZGMtZWQxZS00ZjRlLTg4OWYtY2RkOTdiYzFmMDFh' 'nonce-Y2ExZDg4OWEtM2ExOS00NzE0LTk2NjEtZWYzNmQyNzkxZDE2' 'nonce-ZDRkNDc2ZmYtMDQ4Yi00MDY4LWFjOWQtMTZkMmMzYmFhNWQw' 'nonce-ZTU4ZTIxNGItNmZiYy00ODM4LTljZDQtMzhhY2RkZTMxMWE2' 'nonce-ZmYyMzg3ZjgtNjY0Zi00ZDEyLWE0NTMtYWNhMzYzNGE2YmI2'",
"document-uri": "https://redacted.com/",
"violated-directive": "script-src 'strict-dynamic' 'unsafe-inline' 'nonce-M2EyZTVhMzItNDY5My00YTI5LWE3MzEtM2NjMjdjMjc0ZmQ0' 'nonce-M2JiODg4NWQtODJjNy00MTZjLTkyYzMtZjY1MDIyMDQwYzgw' 'nonce-M2Y3MDQ1YWUtNThiZi00MWI3LTg1NzQtYjg2NDAxMmE1YjZl' 'nonce-MjMyMjUxZGUtZTQ1MS00OGZlLTk2NGYtZGM0NzQwZDBlOGQx' 'nonce-Mjg2M2U1ZTgtZmYyNS00YzllLWI1ZDItODY1NWUxNjIxMzQx' 'nonce-MmMyMmQyNWYtNWU4OC00NjRhLWEzNDYtYjc1NDg4ZTMzOGUy' 'nonce-MzZjZTE4MGItMWQyZi00YzRhLWFhMmQtMjlhMjg1ZTQzZDdl' 'nonce-NDExZTg5MjYtODQ1ZC00ZTE5LThjYmEtYmU3NmY5ZDg2MjI0' 'nonce-NDhiNmU5YjktYzEyYS00NjFjLWJmMWItNzU0MzI2NTlkOGNh' 'nonce-NWI2Yzg1YzktN2JkZC00OGY5LWFhODktZTFhN2MxZTUxNTNj' 'nonce-NzFjNTUzN2YtMWQ3MC00ODY5LWJhYmUtOGYxYjBiZjc0Y2Yx' 'nonce-NzgzNjI3ZDctNWU0ZC00ZWI0LThiN2UtODk5NWFhODNjY2Zj' 'nonce-OTUwNzMyM2EtZmExMS00NjA1LThjNGMtZjQzYTFiZTM4NmQx' 'nonce-OWIxZDNlZGMtZWQxZS00ZjRlLTg4OWYtY2RkOTdiYzFmMDFh' 'nonce-Y2ExZDg4OWEtM2ExOS00NzE0LTk2NjEtZWYzNmQyNzkxZDE2' 'nonce-ZDRkNDc2ZmYtMDQ4Yi00MDY4LWFjOWQtMTZkMmMzYmFhNWQw' 'nonce-ZTU4ZTIxNGItNmZiYy00ODM4LTljZDQtMzhhY2RkZTMxMWE2' 'nonce-ZmYyMzg3ZjgtNjY0Zi00ZDEyLWE0NTMtYWNhMzYzNGE2YmI2'",
"blocked-uri": "https://redacted.com/static/js/browser.polyfill.min.js?etag=dp1dNqwV"
}
The user agent for this report is
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/18.17763
which resolves to Edge 18.0 on Windows 10.
I'm not clear on what status code 200 means in the context of a CSP report; it does not seem to appear with other browsers.
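n.b. real URLs have been redacted
"status-code" is the HTTP status code of the resource on which the object was instantiated. In your case, status code 200 is output because the request was executed correctly and without errors.
It seems to me that this only happens in IE; I have not seen this code 200 in either Chrome or Safari.
(I am debugging my CSP using the Report-Uri site. They only showed these occurrences with IE.)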
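As an added example (not part of the original question or answer), a small triage helper for legacy `report-uri` bodies like the one above. It reads `status-code` as the status of the document's own response, as the answer describes, treats the field as optional because not every browser sends it, and collapses nonces so reports group across page loads; all function names and sample reports are constructed for illustration.

```javascript
// Added example; every function name and sample value below is constructed.

// Collapse per-response nonces (and duplicates) so policies compare across loads.
function normalizePolicy(policy) {
  return String(policy || "")
    .split(";")
    .map((d) => d.replace(/'nonce-[^']*'/g, "'nonce-*'").trim().split(/\s+/))
    .map((tokens) => [...new Set(tokens)].join(" "))
    .filter(Boolean)
    .join("; ");
}

// Drop query/fragment from blocked-uri; keyword values such as "inline" pass through.
function stripQuery(uri) {
  const s = String(uri || "");
  const i = s.search(/[?#]/);
  return i === -1 ? s : s.slice(0, i);
}

function summarizeCspReport(body) {
  const r = body && typeof body === "object" ? body["csp-report"] : null;
  if (!r || typeof r !== "object") return null; // not a legacy report-uri body
  const violated = String(r["violated-directive"] || "");
  return {
    directive: r["effective-directive"] || violated.split(/\s+/)[0] || null,
    documentUri: r["document-uri"] || null,
    blocked: stripQuery(r["blocked-uri"]),
    // HTTP status of the document's own response, not of the blocked fetch;
    // null when the browser omitted the field.
    documentStatus: Number.isInteger(r["status-code"]) ? r["status-code"] : null,
    policy: normalizePolicy(r["original-policy"]),
  };
}

// The grouping key ignores documentStatus so reports from browsers that send
// status-code and those that do not land in the same bucket.
function groupKey(body) {
  const s = summarizeCspReport(body);
  return s && [s.directive, s.blocked, s.policy].join("|");
}

// Constructed sample reports modelled on the shape of the one in the question.
const policyA = "object-src 'none';report-uri /report-csp;script-src 'strict-dynamic' 'unsafe-inline' 'nonce-AAAA' 'nonce-BBBB'";
const blockedBase = "https://example.test/static/js/browser.polyfill.min.js";
const withStatus = { "csp-report": { "effective-directive": "script-src", "status-code": 200,
  "original-policy": policyA, "document-uri": "https://example.test/", "blocked-uri": blockedBase + "?etag=constructed" } };
const withoutStatus = { "csp-report": { "violated-directive": "script-src 'strict-dynamic'",
  "original-policy": policyA.replace("AAAA", "CCCC"), "blocked-uri": blockedBase + "?etag=other" } };
console.log(summarizeCspReport(withStatus), groupKey(withStatus) === groupKey(withoutStatus));
```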