bootstrap 样式不适用于设置内容安全性 header
bootstrap styling not working on setting content security header
[页面短屏,控制台错误][1]
[1]: https://i.stack.imgur.com/QIuHp.png
我正在尝试在我的 angular 项目中添加 Content-Security-Header
component.html
<!doctype html>
<html lang="en">
<head>
<meta http-equiv="Content-Security-Policy" content="default-src 'self';style-src 'self'">
<meta charset="utf-8">
<title>Shop</title>
<base href="/">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="icon" type="image/x-icon" href="favicon.ico">
</head>
<body>
<app-root></app-root>
</body>
</html>
component.css
* {
box-sizing: border-box;
}
body {
margin: 0;
padding: 0;
}
.navbar {
background-color: #333;
color: white;
}
.brand-title {
font-size: 1.5rem;
margin: .5rem;
}
.navbar-links {
height: 100%;
}
.navbar-links ul {
display: flex;
margin: 0;
padding: 0;
}
.navbar-links li {
list-style: none;
}
.navbar-links li a {
display: block;
text-decoration: none;
color: white;
padding: 1rem;
}
.navbar-links li:hover {
background-color: #555;
}
.toggle-button {
position: absolute;
top: .75rem;
right: 1rem;
display: none;
flex-direction: column;
justify-content: space-between;
width: 30px;
height: 21px;
}
.toggle-button .bar {
height: 3px;
width: 100%;
background-color: white;
border-radius: 10px;
}
@media (max-width: 800px) {
.navbar {
flex-direction: column;
align-items: flex-start;
width: 100%;
}
.toggle-button {
display: flex;
}
.navbar-links {
display: none;
width: 100%;
}
.navbar-links ul {
width: 100%;
flex-direction: column;
}
.navbar-links ul li {
text-align: center;
}
.navbar-links ul li a {
padding: .5rem 1rem;
}
.navbar-links.active {
display: flex;
}
}
index.html
<!doctype html>
<html lang="en">
<head>
<meta http-equiv="Content-Security-Policy" content="default-src 'self';style-src 'self'">
<meta charset="utf-8">
<title>Shop</title>
<base href="/">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="icon" type="image/x-icon" href="favicon.ico">
</head>
<body>
<app-root></app-root>
</body>
</html>
添加 header 我应用的样式已损坏。
adding 'unsafe-inline' will fix but is there a more secure or better way of doing this?
看起来 impossible 避免 style-src 指令中的 'unsafe-inline'。请参阅“建议步骤”中的第 1 段:
- We should clearly state that allowing 'unsafe-inline' in style-src is required for Angular applications.
[页面短屏,控制台错误][1] [1]: https://i.stack.imgur.com/QIuHp.png
我正在尝试在我的 angular 项目中添加 Content-Security-Header
component.html
<!doctype html>
<html lang="en">
<head>
<meta http-equiv="Content-Security-Policy" content="default-src 'self';style-src 'self'">
<meta charset="utf-8">
<title>Shop</title>
<base href="/">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="icon" type="image/x-icon" href="favicon.ico">
</head>
<body>
<app-root></app-root>
</body>
</html>
component.css
* {
box-sizing: border-box;
}
body {
margin: 0;
padding: 0;
}
.navbar {
background-color: #333;
color: white;
}
.brand-title {
font-size: 1.5rem;
margin: .5rem;
}
.navbar-links {
height: 100%;
}
.navbar-links ul {
display: flex;
margin: 0;
padding: 0;
}
.navbar-links li {
list-style: none;
}
.navbar-links li a {
display: block;
text-decoration: none;
color: white;
padding: 1rem;
}
.navbar-links li:hover {
background-color: #555;
}
.toggle-button {
position: absolute;
top: .75rem;
right: 1rem;
display: none;
flex-direction: column;
justify-content: space-between;
width: 30px;
height: 21px;
}
.toggle-button .bar {
height: 3px;
width: 100%;
background-color: white;
border-radius: 10px;
}
@media (max-width: 800px) {
.navbar {
flex-direction: column;
align-items: flex-start;
width: 100%;
}
.toggle-button {
display: flex;
}
.navbar-links {
display: none;
width: 100%;
}
.navbar-links ul {
width: 100%;
flex-direction: column;
}
.navbar-links ul li {
text-align: center;
}
.navbar-links ul li a {
padding: .5rem 1rem;
}
.navbar-links.active {
display: flex;
}
}
index.html
<!doctype html>
<html lang="en">
<head>
<meta http-equiv="Content-Security-Policy" content="default-src 'self';style-src 'self'">
<meta charset="utf-8">
<title>Shop</title>
<base href="/">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="icon" type="image/x-icon" href="favicon.ico">
</head>
<body>
<app-root></app-root>
</body>
</html>
添加 header 我应用的样式已损坏。
adding 'unsafe-inline' will fix but is there a more secure or better way of doing this?
看起来 impossible 避免 style-src 指令中的 'unsafe-inline'。请参阅“建议步骤”中的第 1 段:
- We should clearly state that allowing 'unsafe-inline' in style-src is required for Angular applications.