ContentSecurityPolicy data:image



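I decided to try using ContentSecurityPolicy, and everything seemed fine, but images stopped loading and I got this error

Request URL: data:image/jpeg;base64

What do I need to add to the ContentSecurityPolicy.php file to avoid this error?

This is what I have now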

<?php
namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;

class ContentSecurityPolicy
{
    // Directive name => list of allowed sources
    public $resources = [
        'default-src' => [
            "'self'",
            "'unsafe-inline'",
            'cdnjs.cloudflare.com',
            'fonts.gstatic.com',
            'code.jquery.com',
        ],
    ];

    public function handle(Request $request, Closure $next)
    {
        $response = $next($request);
        $contentSecurityPolicy = '';
        foreach ($this->resources as $key => $values) {
            // Each directive is "name source source ...", terminated by ";"
            $contentSecurityPolicy .= $key . ' ' . implode(' ', $values) . '; ';
        }
        // The directive name already comes from the array key, so it is not repeated here
        $response->header("Content-Security-Policy", trim($contentSecurityPolicy));
        return $response;
    }
}

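It tells you exactly what type of header it is missing. Try adding data: to the array. But you should consider using that prop only for img-src, because when adding a CSP, allowing data: for scripts etc. is not a good idea.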

    public $resources = [
        'default-src' => [
            "'self'",
            "data:",
            "'unsafe-inline'",
            'cdnjs.cloudflare.com',
            'fonts.gstatic.com',
            'code.jquery.com',
        ],
    ];
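
The img-src variant the answer recommends, as an added example that is not part of the original post: it builds the header from a directive map and reports whether data: is reachable by script or plugin content once the default-src fallback is applied. The helper names buildCsp and dataAllowedFor are hypothetical, and the img-src list assumes images come only from the site's own origin and data: URIs.

```php
<?php
// Added example, not the poster's middleware. buildCsp() and dataAllowedFor()
// are hypothetical helper names.

// Constructed policy: the question's source list plus a separate img-src.
// Assumption: images come only from the site's own origin and data: URIs.
$resources = [
    'default-src' => [
        "'self'", "'unsafe-inline'",
        'cdnjs.cloudflare.com', 'fonts.gstatic.com', 'code.jquery.com',
    ],
    // img-src replaces default-src for images, so 'self' is repeated here.
    'img-src' => ["'self'", 'data:'],
];

// Joins directives with "; " so the browser parses each one separately.
function buildCsp(array $resources): string
{
    $parts = [];
    foreach ($resources as $directive => $sources) {
        $parts[] = $directive . ' ' . implode(' ', $sources);
    }
    return implode('; ', $parts);
}

// Returns which of script-src / object-src would accept data: URIs, using
// default-src as the fallback when the directive itself is not defined.
function dataAllowedFor(array $resources): array
{
    $hits = [];
    foreach (['script-src', 'object-src'] as $directive) {
        $sources = $resources[$directive] ?? $resources['default-src'] ?? [];
        if (in_array('data:', array_map('strtolower', $sources), true)) {
            $hits[] = $directive;
        }
    }
    return $hits;
}

// In the middleware this string would be passed to $response->header(...).
echo 'Content-Security-Policy: ', buildCsp($resources), PHP_EOL;
echo 'data: reachable by: ', json_encode(dataAllowedFor($resources)), PHP_EOL;

// For comparison: data: added to default-src, the answer's first suggestion.
$broad = ['default-src' => array_merge($resources['default-src'], ['data:'])];
echo 'data: reachable by: ', json_encode(dataAllowedFor($broad)), PHP_EOL;
```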
