内容安全策略阻止 CDN
Content Security Policy blocking CDN
我是编码新手,我正在使用 bootstrap 框架制作网站,现在我将 bootstrap cdn 用于 javascript 和 css 但是一旦我把服务器上的网站会阻止外部链接。我尝试将 cdn 插入到元标记中,如下所示:
<meta http-equiv="Content-Security-Policy" content="default-src 'self'
http://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css
http://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"/>
但是一旦放在服务器上,浏览器仍然会阻止脚本。
你能告诉我我做错了什么吗?如果可能的话,我想在超文本文件中处理内容安全策略。
来自:
I think I figured out the problem The CDN files use HTTP protocol while the server is a HTTPS server. The console says: Mixed content: The page was loaded over HTTPS, but requested an insecure stylesheet This request has been blocked; the content must be served over HTTPS.
然后从 https:
请求和白名单
<meta http-equiv="Content-Security-Policy" content="default-src 'self'
https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css
https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"/>
我是编码新手,我正在使用 bootstrap 框架制作网站,现在我将 bootstrap cdn 用于 javascript 和 css 但是一旦我把服务器上的网站会阻止外部链接。我尝试将 cdn 插入到元标记中,如下所示:
<meta http-equiv="Content-Security-Policy" content="default-src 'self'
http://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css
http://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"/>
但是一旦放在服务器上,浏览器仍然会阻止脚本。 你能告诉我我做错了什么吗?如果可能的话,我想在超文本文件中处理内容安全策略。
来自
I think I figured out the problem The CDN files use HTTP protocol while the server is a HTTPS server. The console says: Mixed content: The page was loaded over HTTPS, but requested an insecure stylesheet This request has been blocked; the content must be served over HTTPS.
然后从 https:
请求和白名单<meta http-equiv="Content-Security-Policy" content="default-src 'self'
https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css
https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"/>