将CSP标头添加到Google Cloud Storage [英] Add CSP header to Google Cloud Storage

问题描述

我正在通过Google Cloud Storage存储桶提供SPA（Vue应用程序）。
并且我正在尝试配置Google Cloud Storage存储桶以添加CSP响应标头。 （ Content-Security-Policy：default ... ）

I'm serving a SPA (Vue-app) from a Google Cloud Storage bucket. And I'm trying to configure Google Cloud Storage bucket to add a CSP Response header. (Content-Security-Policy: default ...)

我尝试了以下操作，但没有成功：

I've tried the following, but without success:

运行以下命令：

gsutil setmeta -h "Content-Security-Policy:${CSP}" gs://{BUCKET_NAME}/index.html

但这将返回以下响应：

CommandException: Invalid or disallowed header (Content-Security-Policy).
Only these fields (plus x-goog-meta-* fields) can be set or unset:
[u'cache-control', u'content-disposition', u'content-encoding', u'content-language', u'content-type']

似乎此标头不是标准的

然后我继续遵循他们的建议并在前面添加x-goog-meta-* ，希望他们自己将其转换回 Content-Security-Policy 。运行以下命令：

I then proceeded to follow their advice and prepend x-goog-meta-* in the hopes they convert it back to Content-Security-Policy themselves. Running the following:

gsutil setmeta -h "x-goog-meta-Content-Security-Policy:${CSP}" gs://{BUCKET_NAME}/index.html

..给出以下响应：

Setting metadata on gs://{BUCKET_NAME}/index.html...
/ [1 objects]                                                                   
Operation completed over 1 objects. 

因此可行。但是在检查响应标头后，他们没有将其更改为 Content-Security-Policy 标头：

So this works. But upon checking the response headers, they did not alter it to Content-Security-Policy header:

因此，现在我对如何为Google存储桶启用此CSP标头一无所知。
我想念什么？还是根本不可能？

So now I'm a bit clueless how to enable this CSP-header for Google Storage buckets. What am I missing? Or is this simply not possible?

预先感谢。

推荐答案

目前Google Cloud Storage不接受海关标题，仅 。

For the moment Google Cloud Storage doesn’t admit customs headers, just the headers included in the documentation.

对此有一个公共功能要求，您可以在此处。

There is a public feature request for this that you can follow in here.

这篇关于将CSP标头添加到Google Cloud Storage的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！