为什么我会因阻塞的uri“关于”而违反CSP？ [英] Why would I get a CSP violation for the blocked-uri 'about'?

问题描述

我的CSP报告URI收到以下CSP违规：

My CSP report URI has received the following CSP violation:

{
  "csp-report":{
    "document-uri":"https://example.com/blog/somepage",
    "referrer":"",
    "violated-directive":"img-src 'self' data: p.typekit.net pbs.twimg.com platform.twitter.com q.stripe.com syndication.twitter.com",
    "effective-directive":"img-src",
    "original-policy": veryLongPolicyGoesHere,
    "blocked-uri":"about",
    "status-code":0
  }
}

为什么我会因为阻塞的uri关于而违反CSP？

Why would I get a CSP violation for the blocked-uri 'about'?

这是来自网络浏览器的内置 about： URL吗？尝试时，我无法复制该问题。

Is this the inbuilt about: URL from web browsers? I can't replicate the problem when I try.

推荐答案

我与用户一起发现它确实是断开连接导致此问题。我联系了进行扩展的人员，他们确认通过使用 about：blank 替换它们来阻止URI；

I worked with the user to discover it is indeed the Disconnect extension that is causing this. I contacted the people making the extension, and they confirmed they block URIs by replacing them with about:blank; this is what is causing the CSP violations.

直到Disconnect修复了他们的阻止方案，我认为最好的方法是在 blocked-uri 大约是。

Until Disconnect fixes their blocking scheme, I think the best approach is to simply ignore the CSP violation reports when blocked-uri is about.

这篇关于为什么我会因阻塞的uri“关于”而违反CSP？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！