将CSP标头添加到Google Cloud Storage [英] Add CSP header to Google Cloud Storage
问题描述
我正在通过Google Cloud Storage存储桶提供SPA(Vue应用程序)。
并且我正在尝试配置Google Cloud Storage存储桶以添加CSP响应标头。 ( Content-Security-Policy:default ...
)
I'm serving a SPA (Vue-app) from a Google Cloud Storage bucket.
And I'm trying to configure Google Cloud Storage bucket to add a CSP Response header. (Content-Security-Policy: default ...
)
我尝试了以下操作,但没有成功:
I've tried the following, but without success:
运行以下命令:
gsutil setmeta -h "Content-Security-Policy:${CSP}" gs://{BUCKET_NAME}/index.html
但这将返回以下响应:
CommandException: Invalid or disallowed header (Content-Security-Policy).
Only these fields (plus x-goog-meta-* fields) can be set or unset:
[u'cache-control', u'content-disposition', u'content-encoding', u'content-language', u'content-type']
似乎此标头不是标准的
然后我继续遵循他们的建议并在前面添加x-goog-meta-*
,希望他们自己将其转换回 Content-Security-Policy
。运行以下命令:
I then proceeded to follow their advice and prepend x-goog-meta-*
in the hopes they convert it back to Content-Security-Policy
themselves. Running the following:
gsutil setmeta -h "x-goog-meta-Content-Security-Policy:${CSP}" gs://{BUCKET_NAME}/index.html
..给出以下响应:
Setting metadata on gs://{BUCKET_NAME}/index.html...
/ [1 objects]
Operation completed over 1 objects.
因此可行。但是在检查响应标头后,他们没有将其更改为 Content-Security-Policy
标头:
So this works. But upon checking the response headers, they did not alter it to Content-Security-Policy
header:
因此,现在我对如何为Google存储桶启用此CSP标头一无所知。
我想念什么?还是根本不可能?
So now I'm a bit clueless how to enable this CSP-header for Google Storage buckets. What am I missing? Or is this simply not possible?
预先感谢。
推荐答案
目前Google Cloud Storage不接受海关标题,仅 。
For the moment Google Cloud Storage doesn’t admit customs headers, just the headers included in the documentation.
对此有一个公共功能要求,您可以在此处。
There is a public feature request for this that you can follow in here.
这篇关于将CSP标头添加到Google Cloud Storage的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!