Office 365 加载项:内容安全策略问题 [英] Office 365 add-in: Content Security Policy issues

问题描述

您好 Office 365 Outlook 团队，

Hi Office 365 Outlook team,

我们的 Office 365 加载项指定了以下内容安全策略:

Our Office 365 add-in specifies the following Content Security Policy:

内容安全政策指令:frame-ancestors ‘self’outlook.office365.com outlook.office.com"

Content Security Policy directive: "frame-ancestors ‘self’ outlook.office365.com outlook.office.com"

这一直运行良好，直到最近 Office 商店审核团队报告错误:

This has been working well until recently when the Office store review team reported the error:

拒绝在框架中显示我们的网址"，因为祖先违反了以下内容安全政策指令:frame-ancestors ‘self’outlook.office365.com outlook.office.com"

Refused to display ‘our url’ in a frame because an ancestor violates the following Content Security Policy directive: "frame-ancestors ‘self’ outlook.office365.com outlook.office.com"

就好像他们基于 Web 的 Outlook 不是从 Outlook.office365.com 或 outlook.office.com 加载一样.

As if their web based Outlook was not loaded from outlook.office365.com or outlook.office.com.

商店团队没有提供他们测试的更多细节.

The store team did not provide any more details of their tests.

有人可以告诉我们 CSP 中是否缺少其他有效的 Office 365/Outlook 网址吗?

Can someone please tell us if we're missing other valid Office 365/Outlook urls in the CSP?

谢谢.

推荐答案

使用标准 O365 帐户在 Outlook.office.com 上进行验证.

Validation takes place on outlook.office.com using standard O365 accounts.

这篇关于Office 365 加载项:内容安全策略问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！