Content Security Policy issues with new form
Question
What is the easiest way for me to set the content security policy for a new form I am using? I have a frontend to backend form working for my registration, but this form is a lot more complicated and is throwing me the errors below. I am aware this is to do with webpack, and I have tried inserting code into my public index.html file, which just stopped the page from rendering.
Would this have anything to do with my CORS settings in the backend? I have the below code which references headers, and I have been getting error messages about setting headings in other forms that I am having the same issues with.
app.use((req, res, next) => {
  res.header('Access-Control-Allow-Origin', '*');
  res.header(
    'Access-Control-Allow-headers',
    'Origin, X-Requested-With, Content-Type, Accept',
  );
  next();
});
Recommended answer
The errors described have nothing to do with your CORS settings in the backend. They are related to the CSP (Content-Security-Policy) header, which you, it would seem, do not use. But for nonexistent pages Node.js publishes a CSP header on its own.
Pay attention to the status code 404 Not Found. If you do not handle these kinds of errors, Node.js uses its own finalhandler to carry those out by default. Recent versions of this finalhandler publish the CSP default-src 'none'; all the nitty-gritty is here.
Looks like you do not serve routes to the root / folder in your server config, therefore /favicon.ico and similar URLs are not found -> finalhandler publishes default-src 'none'; -> you observe a CSP violation in the browser console (along with the 404 Not Found messages).
You have to add something like this into server.js:
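const path = require('path');
// Serve the client's static files so requests for them no longer end in a 404
app.use(express.static('client/public'));
// Explicit favicon route; a relative file name keeps the resolved path under __dirname
app.get("/favicon.ico", (req, res) => {
  res.sendFile(path.resolve(__dirname, "favicon.ico"));
});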
The above will solve the issue with "/favicon.ico Not Found"; for other "nonexistent" URLs you need to add routes too.
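A check that goes with the answer above, as an added example that is not part of the original post: it tells a response from the default 404 page (an error status carrying a bare default-src 'none') apart from a policy the application set itself. The function names and the sample responses are constructed for illustration.

```javascript
// Added example; the sample responses are constructed, not captured from the asker's server.

// Split a CSP header value into { directive: [sources...] }.
function parseCsp(value) {
  const policy = {};
  for (const part of String(value || '').split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    // A repeated directive is ignored by browsers; the first occurrence wins.
    if (name && !(name.toLowerCase() in policy)) policy[name.toLowerCase()] = sources;
  }
  return policy;
}

// HTTP header names are case-insensitive, so look them up that way.
function header(headers, name) {
  const key = Object.keys(headers).find((k) => k.toLowerCase() === name.toLowerCase());
  return key ? headers[key] : undefined;
}

// Classify where the policy on a response came from.
function diagnose(res) {
  const csp = header(res.headers, 'Content-Security-Policy');
  if (!csp) return 'no-csp';
  const policy = parseCsp(csp);
  const names = Object.keys(policy);
  const bareNone = names.length === 1 && names[0] === 'default-src' &&
    policy['default-src'].length === 1 && policy['default-src'][0] === "'none'";
  // Error status plus a bare default-src 'none' matches the default error page:
  // the URL has no route, so the fix is routing, not CORS or a meta tag.
  if (res.status >= 400 && bareNone) return 'unrouted-url';
  return 'app-policy';
}

const samples = [
  { url: '/favicon.ico', status: 404, headers: {
    'content-security-policy': "default-src 'none'",
    'x-content-type-options': 'nosniff',
    'access-control-allow-origin': '*' } }, // CORS header present, yet irrelevant
  { url: '/', status: 200, headers: { 'Access-Control-Allow-Origin': '*' } },
  { url: '/form', status: 200, headers: {
    'Content-Security-Policy': "default-src 'self'; img-src 'self' data:" } },
];

function report(list) {
  return list.map((r) => `${r.status} ${r.url}: ${diagnose(r)}`);
}

console.log(report(samples).join('\n'));
```

An 'unrouted-url' result for a path means the server needs a route or static mount for it, as the answer describes.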