amp-iframe 内的 amp 页面上的 Disqus [英] Disqus on an amp page inside an amp-iframe

问题描述

我尝试在 amp 文档上实现 Disqus.我的想法是使用 amp-iframe它加载一个只包含 Disqus 的小文档.我用过这个放大器框架

I try to implement Disqus on an amp document. My idea is to use an amp-iframe which loads a small document which only contains Disqus. I used this amp frame

<amp-iframe width="300" height="300"
            layout="responsive"
            sandbox="allow-forms allow-modals allow-popups allow-popups-to-escape-sandbox allow-scripts"
            resizable
            frameborder="0"
            seamless
            src="/disquss/name-of-blog-post">
    <div overflow tabindex=0 role=button aria-label="Read more">more!</div>
</amp-iframe>

然而，chrome 引发了内容安全策略违规:

However, chrome throws a content security policy violation:

拒绝加载脚本'https://a.disquscdn.com/next/embed/lounge.load.f3e1717b65a56e548d656e504'因为它违反了以下内容安全策略指令:"script-src https://.twitter.com:https://api.adsnative.com/v1/ad.json *.adsafeprotected.comhttps://cas.criteo.com/delivery/0.1/napi.jsonp .services.disqus.com:http://referrer.disqus.com/juggler/ disqus.com http://.twitter.com:a.disquscdn.com https://referrer.disqus.com/juggler/https://.services.disqus.com: *.moatads.com 'unsafe-eval'https://mobile.adnxs.com/mob https://ssl.google-analytics.com".

Refused to load the script 'https://a.disquscdn.com/next/embed/lounge.load.f3e1717b71e7256da258d3a504e56865.js' because it violates the following Content Security Policy directive: "script-src https://.twitter.com: https://api.adsnative.com/v1/ad.json *.adsafeprotected.com https://cas.criteo.com/delivery/0.1/napi.jsonp .services.disqus.com: http://referrer.disqus.com/juggler/ disqus.com http://.twitter.com: a.disquscdn.com https://referrer.disqus.com/juggler/ https://.services.disqus.com: *.moatads.com 'unsafe-eval' https://mobile.adnxs.com/mob https://ssl.google-analytics.com".

所以基本上，chrome 不会加载 https://a.disquscdn.com/next/embed/lounge.load.f3e1717b71e7256da258d3a504e56865.js 即使 a.disquscdn.com代码> 是允许的.此限制来自 iframe disqus 的使用.当我使用原生沙盒