SSL、自定义 TLD、Crossdomain.xml 和 Adsense.他们能打得很好吗? [英] SSL, Custom TLD's, Crossdomain.xml and Adsense. Can they play nicely?
问题描述
我正在开发一个使用 Adsense 的新网站.它是 https://viewing.nyc 并且正在进行中.我已经在网站上展示了一些 Adsense 广告,而且它们确实有效——从某种意义上说,它们实际上显示了广告——但它们在 Safari 控制台中输出了大量垃圾.
I have a new site I am working on that is using adsense. It is https://viewing.nyc and very much a work in progress. I have some adsense ads displaying on the site already and they work -- ins the sense that they actually display ads -- but they output a ton of garbage in the Safari console.
我经常看到的信息是经典:
The message I constantly see is the classic:
Blocked a frame with origin "https://googleads.g.doubleclick.net" from accessing a frame with origin "https://viewing.nyc". Protocols, domains, and ports must match.
所以,我已经在这里和那里玩了几天,在谷歌上搜索解决方案并试图了解如何解决它.我使用以下内容实现了一个 crossdomain.xml 文件:
So, I have been playing around with it for a few days here and there, googling for solutions and trying to understand how I can get around it. I implemented a crossdomain.xml file with the following:
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/crossdomain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.youtube.com" secure="false"/>
<allow-access-from domain="*.doubleclick.net" secure="false"/>
<allow-access-from domain="*.2mdn.net" secure="false"/>
<allow-access-from domain="*.dartmotif.net" secure="false"/>
<allow-access-from domain="*.doubleclick.net" secure="true"/>
<allow-access-from domain="*.doubleclick.com" secure="true"/>
<allow-access-from domain="*.doubleclick.com" secure="false"/>
<allow-access-from domain="*.2mdn.net" secure="true"/>
<allow-access-from domain="*.dartmotif.net" secure="true"/>
<allow-access-from domain="*.gstatic.com" secure="false"/>
</cross-domain-policy>
但没有成功.问题是否源于我拥有 .nyc 顶级域和拥有 .com 的 Adsense 网站?有没有办法解决这些错误?
but no success. Does the problem stem from me having a .nyc top level domain and the adsense sites having .com? Is there a way around these errors?
推荐答案
您的网站输出以下标题.
Your website output the following headers.
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 1; mode=block
X-Request-Id: 86d0d6f2-eba5-46b2-b6cf-9ce77fc1f16e
X-Download-Options: noopen
X-Runtime: 0.955425
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src 'self'; connect-src 'self' viewing.nyc *.viewing.nyc cdn.jsdelivr.net csi.gstatic.com pagead2.googlesyndication.com; font-src 'self' viewing.nyc *.viewing.nyc *.viewingnyc.dev fonts.gstatic.com data:; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https:; img-src 'self' viewing.nyc *.viewing.nyc *.viewingnyc.dev s3.amazonaws.com pagead2.googlesyndication.com *.amazon-adsystem.com *.ssl-images-amazon.com *.media-amazon.com *.assoc-amazon.com *.twimg.com *.twitter.com *.instagram.com *.facebook.com data:; manifest-src 'self'; media-src utoob.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' viewing.nyc *.viewing.nyc *.viewingnyc.dev *.googletagservices.com *.googleadservices.com *.googlesyndication.com adservice.google.com googleads.g.doubleclick.net *.amazon-adsystem.com *.twimg.com *.twitter.com *.instagram.com *.facebook.com *.facebook.net gleam.io js.gleam.io lightwidget.com *.lightwidget.com; style-src 'self' 'unsafe-inline' viewing.nyc *.viewing.nyc *.viewingnyc.dev *.twitter.com *.instagram.com *.facebook.com fonts.googleapis.com gleam.io *.gleam.io; upgrade-insecure-requests
我会建议您删除 Content-Security-Policy 标头和 X-Permitted-Cross-Domain-Policies 标头.如果您希望 AdSense 正常运行,请同时删除 crossdomain.xml.
I will advice you to remove Content-Security-Policy header and X-Permitted-Cross-Domain-Policies header. Also remove the crossdomain.xml, If you want AdSense to function properly.
这不是一个理想的解决方案,但谷歌没有给出内容-安全-策略允许域的列表,它每天都在变化,所以现在最好避免这些标题.
This is not an ideal solution but Google has not given a list of Content-Security-Policy allowed domains, It changes everyday so it is better to avoid these header for now.
这篇关于SSL、自定义 TLD、Crossdomain.xml 和 Adsense.他们能打得很好吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
