content-security-policy

来源： https://stackoverflow.com/questions/37819249/what-does-it-mean-to-set-a-content-security-policy-on-response-to-a-non-html-req

来源： https://stackoverflow.com/questions/62654694/using-angular-material-with-strict-content-security-policy

来源： https://stackoverflow.com/questions/54773828/wkwebview-warning-blocked-the-page-at-https-www-myurl-com-was-not-allowed

来源： https://stackoverflow.com/questions/54773828/wkwebview-warning-blocked-the-page-at-https-www-myurl-com-was-not-allowed

问题 I am embedding a WebGL game built in Unity on my web app built in Flask. I use a CSP for security purposes on the backend but even after including the wasm-eval directive in my CSP, I continue to get these errors only in Chrome: UnityLoader.js:4 failed to asynchronously prepare wasm: CompileError: WebAssembly.instantiate(): Wasm code generation disallowed by embedder printErr @ UnityLoader.js:4 UnityLoader.js:4 CompileError: WebAssembly.instantiate(): Wasm code generation disallowed by

问题 I got the following problem: Having set Content-Security-Policy style-src 'self' within .htacess file, chrome complains in the developer console when displaying PDF files linked like <a href="file.pdf"> . Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-[deleted]'), or a nonce ('nonce-...') is required to enable inline execution. I can also see that chrome applies some css

问题 I want to defer non-critical css using the following mechanism: <link rel="preload" href="styles.css" as="style" onload="this.onload=null;this.rel='stylesheet'"> I have the following Content Security Policy: Content-Security-Policy: default-src 'self'; object-src 'none'; font-src 'self'; base-uri 'self'; connect-src 'self'; manifest-src 'self'; img-src 'self'; script-src 'self' 'nonce-7cc36362-697e-4b28-bdd9-0400d8923894' 'sha256-1jAmyYXcRq6zFldLe/GCgIDJBiOONdXjTLgEFMDnDSM='; style-src 'self'

问题 I want to defer non-critical css using the following mechanism: <link rel="preload" href="styles.css" as="style" onload="this.onload=null;this.rel='stylesheet'"> I have the following Content Security Policy: Content-Security-Policy: default-src 'self'; object-src 'none'; font-src 'self'; base-uri 'self'; connect-src 'self'; manifest-src 'self'; img-src 'self'; script-src 'self' 'nonce-7cc36362-697e-4b28-bdd9-0400d8923894' 'sha256-1jAmyYXcRq6zFldLe/GCgIDJBiOONdXjTLgEFMDnDSM='; style-src 'self'

问题 Is there a way to override Content-Security-Policy set by the domain/site A while i am using nginx proxy_pass on Site B. Site A defined Content-Security-Policy on their domain. Site B acts as a reverse proxy for site A. How can i override Content-Security-Policy while serve content from site B ? how can i achieve this in nginx proxy pass ? my current nginx server block looks like this server { server_name proxy-domain.com.; location / { proxy_pass http://www.target-site.com/; proxy_set_header

问题 Is there a way to override Content-Security-Policy set by the domain/site A while i am using nginx proxy_pass on Site B. Site A defined Content-Security-Policy on their domain. Site B acts as a reverse proxy for site A. How can i override Content-Security-Policy while serve content from site B ? how can i achieve this in nginx proxy pass ? my current nginx server block looks like this server { server_name proxy-domain.com.; location / { proxy_pass http://www.target-site.com/; proxy_set_header