注册
登录
大数据安全
内容安全政策不允许表单提交
返回
内容安全政策不允许表单提交
作者:
没身份别烦我
发布时间:
2024-12-27 07:00:16 (20天前)
转自:
<p> <br/> .aspx?HCCID = 75694719&amp; culture = en-US&amp; mlcv = 3006&amp; template = 5:7拒绝加载图片’<a href="https://s4.mylivechat.com/livechat2/images/sprite.png',因为它违反了以下内容">https://s4.mylivechat.com/livechat2/images/sprite.png',因为它违反了以下内容</a><br/> <br/> 安全<br/> </跨度><br/> <br/> 政策<br/> </跨度><br/> 指令:“img-src’自我’数据:”。<br/> <br/> 拒绝将表单数据发送到“https://cipg.stanbicibtcbank.com/MerchantServices/MakePayment.aspx”,因为它违反了以下内容<br/> <br/> 安全<br/> </跨度><br/> <br/> 政策<br/> </跨度><br/> <br/> <br/></p>
收藏
举报
2 条回复
0#
回复此人
Minions
|
2019-08-31 10-32
<div class =“post-text”itemprop =“text”> <P> 你正在通过 <code> Content-Security-Policy </code> 响应标头中的值: </p> <BLOCKQUOTE> <P> base-uri'无'; default-src'self' <a href="https://s4.mylivechat.com" rel="nofollow noreferrer"> https://s4.mylivechat.com </A> ; child-src'un'; connect-src'self'; font-src'self' <a href="https://fonts.googleapis.com" rel="nofollow noreferrer"> https://fonts.googleapis.com </A> <a href="https://maxcdn.bootstrapcdn.com" rel="nofollow noreferrer"> https://maxcdn.bootstrapcdn.com </A> <a href="https://fonts.gstatic.com" rel="nofollow noreferrer"> https://fonts.gstatic.com </A> ;形式行动'自我'; frame-ancestors'none'; img-src'自我'数据:; media-src'self'; object-src'un';脚本-SRC '自' <a href="https://www.youtube.com" rel="nofollow noreferrer"> https://www.youtube.com </A> <a href="https://maps.google.com" rel="nofollow noreferrer"> https://maps.google.com </A> <a href="https://www.google-analytics.com" rel="nofollow noreferrer"> https://www.google-analytics.com </A> <a href="https://mylivechat.com" rel="nofollow noreferrer"> https://mylivechat.com </A> <a href="https://s4.mylivechat.com" rel="nofollow noreferrer"> https://s4.mylivechat.com </A> <a href="https://maps.googleapis.com" rel="nofollow noreferrer"> https://maps.googleapis.com </A> “不安全的内联” '不安全-EVAL'; style-src'self' <a href="https://fonts.googleapis.com" rel="nofollow noreferrer"> https://fonts.googleapis.com </A> <a href="https://s4.mylivechat.com" rel="nofollow noreferrer"> https://s4.mylivechat.com </A> <a href="https://maxcdn.bootstrapcdn.com" rel="nofollow noreferrer"> https://maxcdn.bootstrapcdn.com </A> “不安全的内联” </p> </BLOCKQUOTE> <P> 您添加到页面元数据的内容安全策略将被忽略,因为它存在于响应标头中。 </p> <P> 您需要对响应标头中发送的CSP进行以下添加(以粗体显示)。 </p> <BLOCKQUOTE> <P> base-uri'无'; default-src'self' <a href="https://s4.mylivechat.com" rel="nofollow noreferrer"> https://s4.mylivechat.com </A> ; child-src'un'; connect-src'self'; font-src'self' <a href="https://fonts.googleapis.com" rel="nofollow noreferrer"> https://fonts.googleapis.com </A> <a href="https://maxcdn.bootstrapcdn.com" rel="nofollow noreferrer"> https://maxcdn.bootstrapcdn.com </A> <a href="https://fonts.gstatic.com" rel="nofollow noreferrer"> https://fonts.gstatic.com </A> ;形式行动'自我' 的<strong> <a href="https://cipg.stanbicibtcbank.com/MerchantServices/MakePayment.aspx" rel="nofollow noreferrer"> https://cipg.stanbicibtcbank.com/MerchantServices/MakePayment.aspx </A> </强> ; frame-ancestors'none'; img-src'自我'数据: 的<strong> <a href="https://s4.mylivechat.com" rel="nofollow noreferrer"> https://s4.mylivechat.com </A> </强> ; media-src'self'; object-src'un'; script-src'self' <a href="https://www.youtube.com" rel="nofollow noreferrer"> https://www.youtube.com </A> <a href="https://maps.google.com" rel="nofollow noreferrer"> https://maps.google.com </A> <a href="https://www.google-analytics.com" rel="nofollow noreferrer"> https://www.google-analytics.com </A> <a href="https://mylivechat.com" rel="nofollow noreferrer"> https://mylivechat.com </A> <a href="https://s4.mylivechat.com" rel="nofollow noreferrer"> https://s4.mylivechat.com </A> <a href="https://maps.googleapis.com" rel="nofollow noreferrer"> https://maps.googleapis.com </A> “不安全的内联” '不安全-EVAL'; style-src'self' <a href="https://fonts.googleapis.com" rel="nofollow noreferrer"> https://fonts.googleapis.com </A> <a href="https://s4.mylivechat.com" rel="nofollow noreferrer"> https://s4.mylivechat.com </A> <a href="https://maxcdn.bootstrapcdn.com" rel="nofollow noreferrer"> https://maxcdn.bootstrapcdn.com </A> “不安全直插”; </p> </BLOCKQUOTE> <UL> <LI> 加 <a href="https://s4.mylivechat.com" rel="nofollow noreferrer"> https://s4.mylivechat.com </A> 到img-src </LI> <LI> 加 <a href="https://cipg.stanbicibtcbank.com/MerchantServices/MakePayment.aspx" rel="nofollow noreferrer"> https://cipg.stanbicibtcbank.com/MerchantServices/MakePayment.aspx </A> 形式行动 </LI> <LI> 去掉 <code> <meta http-equiv="Content-Security-Policy" content="form-action 'self'"> </code> 来自您的HTML代码 </LI> </UL> </DIV>
编辑
登录
后才能参与评论
