如何更改内容安全策略指令以允许addThis小部件? [英] How to change Content Security Policy directive to allow for addThis widget?
问题描述
我正在建立一个使用webpack的网站.
我将要启动它,我想戴上addThis
共享小部件.我正在按照addThis
的建议在关闭body标签之前在index.html
中添加addThis
代码.像这样:
I am making a site that uses webpack.
I am about to launch it and I want to put on addThis
share widget. I am adding the addThis
code in the index.html
right before closing body tag as advised by addThis
. Like this:
<!-- Go to www.addthis.com/dashboard to customize your tools -->
<script type="text/javascript"
src="//s7.addthis.com/js/300/addthis_widget.js#pubid=ra-
###MY_NUMBERS###"></script>
</body>
这会在chrome-inspect控制台中产生以下错误:
this generates the following error in chrome-inspect console:
拒绝加载脚本
' http://s7.addthis.com/js/300/addthis_widget.js',因为它违反了
以下内容安全策略指令:"script-src'self'".
Refused to load the script
'http://s7.addthis.com/js/300/addthis_widget.js' because it violates
the following Content Security Policy directive: "script-src 'self'".
我已经阅读了一些内容,将addThis
分离到另一个js文件并将其保存到本地以将其加载到DOM似乎不起作用.
I have read up a little on it and it does not seem to work to seperate addThis
to another js-file and save that locally to load it to DOM.
我尝试将其添加到我的manifest.json
:
I tried add this to my manifest.json
:
"content_security_policy": "script-src 'self' http://s7.addthis.com/js/300/addthis_widget.js; object-src 'self'"
没有成功.有没有办法覆盖CSP设置以允许addThis-widget
?
No success. Is there a way to override CSP settings to allow for addThis-widget
?
推荐答案
<meta http-equiv="Content-Security-Policy" content="default-src 'self' 'unsafe-inline'
'unsafe-eval' https://*.addthis.com https://addthis.com;child-src 'self' 'unsafe-
inline' 'unsafe-eval' https://*.addthis.com https://addthis.com; object-src 'self'
'unsafe-inline' 'unsafe-eval' https://*.addthis.com https://addthis.com; script-src
'self' 'unsafe-inline' 'unsafe-eval' https://*.addthis.com https://addthis.com; img-src
'self' 'unsafe-inline' 'unsafe-eval' https://*.addthis.com https://addthis.com;">
将其添加到标题中将允许加载addthis小部件.可能不安全,这将违背内容安全策略的目的...
Adding this to your header will allow the addthis widget to load. Might not be secure, which will defeat the purpose of Content-Security-Policies...
这篇关于如何更改内容安全策略指令以允许addThis小部件?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!