我有以下问题:内容安全策略 - 儿童SRC
在我oxid
店我碰到下面的错误,当我尝试保存在某一个点:
未能进行过程未知指令'child-src'。
我试过它在不同的服务器上,一切工作正常。我只取(发生故障的服务器上)的标题来看看在CSP,这是输出:
X-Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.nrw.de *.google.com *.twimg.com; style-src 'self' 'unsafe-inline' *.nrw.de *.twitter.com; font-src 'self' *.example.org; img-src data: *.example.org; child-src *.example.org *.nrw.de *.facebook.com *.facebook.de *.twitter.com *.google.com; frame-src *.example.org *.nrw.de *.facebook.com *.facebook.de *.twitter.com *.google.com; object-src 'none'; media-src *.example.org;
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.nrw.de *.google.com *.twimg.com; style-src 'self' 'unsafe-inline' *.example.org *.twitter.com; font-src *; img-src data: *.example.org; child-src *.example.org *.nrw.de *.facebook.com *.facebook.de *.twitter.com *.google.com; frame-src *.example.org *.nrw.de *.facebook.com *.facebook.de *.twitter.com *.google.com; object-src 'none'; media-src *.example.org;
任何想法?需要更多信息?
在此先感谢
child-src is [deprecated](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/child-src) – user10089632
改为使用frame-src [ (https://stackoverflow.com/questions/30023608/how-to-use-frame-src-and-child-src-in-firefox-and-other-browsers) – user10089632