ContentSecurityPolicy data:image

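I decided to try using ContentSecurityPolicy, and everything seems to work, but images stopped loading, with this error:

Request URL: data:image/jpeg;base64

What do I need to add to my ContentSecurityPolicy.php file to avoid this error?

This is what I have now: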

<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;

class ContentSecurityPolicy
{
    public $resources = [
        'default-src' => [
            "'self'",
            "'unsafe-inline'",
            'cdnjs.cloudflare.com',
            'fonts.gstatic.com',
            'code.jquery.com',
        ],
    ];

    public function handle(Request $request, Closure $next)
    {
        $response = $next($request);

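        // Build one "directive source source ..." entry per directive.
        $directives = [];
        foreach ($this->resources as $key => $values) {
            $directives[] = $key . ' ' . implode(' ', $values);
        }

        // Each entry already starts with its directive name; separate entries with "; ".
        $response->header('Content-Security-Policy', implode('; ', $directives));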

        return $response;
    }
}

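It tells you exactly which kind of header you are missing. Try adding data: to your array. But you should consider using that prop only for img-src, because it is not a good idea to allow data: for scripts and so on when you add a CSP.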

    public $resources = [
        'default-src' => [
            "'self'",
            "data:",
            "'unsafe-inline'",
            'cdnjs.cloudflare.com',
            'fonts.gstatic.com',
            'code.jquery.com',
        ],
    ];
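
Added example (not part of the original answer or the asker's project): the same directive map with data: granted under img-src only, as the answer recommends, plus a simplified check showing which fetch directives end up permitting data: URLs. It is plain PHP with no Laravel dependency; the function names buildCspHeader and allowsDataScheme are hypothetical.

```php
<?php
// Added example: runs with the PHP CLI alone. All names here are hypothetical.

// Directive map in the same shape as the middleware's $resources array.
// data: is granted to img-src only; default-src stays without it.
// img-src replaces default-src for images (it does not inherit from it),
// so 'self' has to be listed again for same-origin images to keep loading.
$resources = [
    'default-src' => ["'self'", "'unsafe-inline'", 'cdnjs.cloudflare.com',
                      'fonts.gstatic.com', 'code.jquery.com'],
    'img-src'     => ["'self'", 'data:'],
];

// Serialize the map into a header value: "name src src; name src src".
function buildCspHeader(array $resources): string
{
    $directives = [];
    foreach ($resources as $name => $sources) {
        $directives[] = $name . ' ' . implode(' ', $sources);
    }
    return implode('; ', $directives);
}

// Simplified check: does the policy list the data: scheme for a fetch directive?
// A fetch directive that is absent falls back to default-src.
function allowsDataScheme(array $resources, string $directive): bool
{
    $sources = $resources[$directive] ?? $resources['default-src'] ?? null;
    if ($sources === null) {
        return true; // neither directive present: nothing restricts this fetch
    }
    return in_array('data:', $sources, true);
}

// Print the header value, then the data: decision for three resource types.
echo buildCspHeader($resources), PHP_EOL;
foreach (['img-src', 'script-src', 'font-src'] as $directive) {
    printf("%-10s data: %s\n", $directive,
        allowsDataScheme($resources, $directive) ? 'allowed' : 'blocked');
}
```

In the middleware, the same map would go in the $resources property, with the header built by joining the directives with "; ".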