https://github.com/spatie/laravel-csp
https://github.com/frontegg/frontegg-vue
我需要帮助,
在我添加了laravel csp之后,前egg vue登录页面不起作用。
拒绝应用内联样式,因为它违反了以下内容安全策略指令:"style src"self"https://fonts.googleapis.com"nonce循环"不安全的内联"nonce循环"。请注意,如果源列表中存在哈希值或nonce值,则会忽略"unsafe-inline"。
拒绝应用内联样式,因为它违反了以下内容安全策略指令:"style-src"self"nonce loop"unsafe-inline"nonce loop";。请注意,如果源列表中存在哈希值或nonce值,则会忽略"unsafe-inline"。
请帮助如何解决此问题?
// frontegg
$this->addDirective(Directive::SCRIPT, 'https://assets.frontegg.com');
$this->addDirective(Directive::CONNECT, 'https://frontegg.com');
$this->addDirective(Directive::CONNECT, 'https://app-g6y1wrdhmmrt.frontegg.com');
$this->addDirective(Directive::IMG, 'https://fronteggprodeustorage.blob.core.windows.net');
$this->addDirective(Directive::STYLE, 'unsafe-inline');
查看屏幕截图了解更多信息
作为错误消息和https://www.w3.org/TR/CSP2/#directive-script src说,如果指定散列或nonce,就不能指定"unsafe-inline"。您应该从策略中删除"nonce循环"和nonce循环。如果要使用nonce,它们应该是随机的,并随着每个有效负载而变化。
经过几天的学习,我现在能够解决这个问题:
$this->addDirective(Directive::SCRIPT, 'https://*.frontegg.com');
$this->addDirective(Directive::SCRIPT, 'https://www.gstatic.com');
$this->addDirective(Directive::SCRIPT, 'https://assets.frontegg.com');
$this->addDirective(Directive::STYLE, 'https://*.frontegg.com');
$this->addDirective(Directive::STYLE, 'https://www.gstatic.com');
$this->addDirective(Directive::CONNECT, 'https://*.frontegg.com');
$this->addDirective(Directive::IMG, 'https://fronteggprodeustorage.blob.core.windows.net');