CSP 오류를 수정하는 방법은 무엇입니까? "인라인 이벤트 핸들러의 실행이 다음 콘텐츠 보안 정책 지침을 위반하기 때문에 거부되었습니다..."
P粉781235689
2023-08-30 11:44:31
<p>我在 script-src 中添加 nonce 值时收到 CSP 错误。
这是我正在设置的 CSP -
<code>Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-eval' 'nonce-b1967a39a02f45edbac95cbb4651bd12' 'unsafe-hashes'; frame-src 'self' 'nonce-b1967a39a02f45edbac95cbb4651bd12' 'unsafe-hashes'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; object-src 'self'; font-src 'self' data:;</code></p>
<p>我的JS文件内容是-</p>
<pre class="brush:php;toolbar:false;"><html dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title> WebHelp Navigation Toolbar </title>
<style>
<!--
body {margin:0;}
-->
</style>
<!-- External WebHelp scripts. Each tag repeats the nonce that the page's script-src lists as 'nonce-…'.
     A nonce authorises <script> elements only; it cannot be attached to on* event-handler attributes.
     NOTE(review): the value looks fixed in this listing; confirm the server issues a fresh nonce per response. -->
<script nonce='b1967a39a02f45edbac95cbb4651bd12' src="whver.js" charset="utf-8"></script>
<script nonce='b1967a39a02f45edbac95cbb4651bd12' src="whutils.js" charset="utf-8"></script>
<script nonce='b1967a39a02f45edbac95cbb4651bd12' src="whmsg.js" charset="utf-8"></script>
<script nonce='b1967a39a02f45edbac95cbb4651bd12' src="whproxy.js" charset="utf-8"></script>
<script nonce='b1967a39a02f45edbac95cbb4651bd12' src="whmozemu.js" charset="utf-8"></script>
<script nonce='b1967a39a02f45edbac95cbb4651bd12' src="whtbar.js" charset="utf-8"></script>
<script nonce='b1967a39a02f45edbac95cbb4651bd12' type="text/javascript" language="JavaScript1.2">
//<![CDATA[
/**
 * Toolbar "Print" action: focuses the topic pane and posts a WH_MSG_PRINT message.
 *
 * The pane is looked up through the frameset: when the first top-level frame is
 * named "ContentFrame" the pane sits one level deeper inside it, otherwise it is
 * taken from the second top-level frame.
 *
 * NOTE(review): the toolbar registers this function as the string "printTopic();".
 * If the toolbar library emits that string as an on* attribute (not visible here),
 * a nonce-based script-src will refuse to run it; binding with addEventListener
 * inside the library avoids that.
 */
function printTopic() {
var nestedInContentFrame = top.frames[0].name == "ContentFrame";
var topicPane = nestedInContentFrame
? top.frames[0].frames[1].frames[1]
: top.frames[1].frames[1];
// Focus first so the print request applies to the topic frame.
topicPane.focus();
notify(new whMessage(WH_MSG_PRINT, 0, 0));
}
//]]>
</script>
</head>
<body marginheight="0" marginwidth="0" bgcolor="#363f48" background="background.png" scroll="no">
<script nonce='b1967a39a02f45edbac95cbb4651bd12' language="javascript1.2">
<!--
// Toolbar bootstrap. Runs only when the toolbar library has set window.gbWhTBar;
// otherwise the document is reloaded.
if (!window.gbWhTBar)
document.location.reload();
else
(function () {
// Locals live inside this function so no extra globals are created.
var tabIds = ["toc", "idx", "fts", "glo"];
var panelColor = "#363f48";
var i;

// Standard font pair: one call for the normal state, one for the selected state.
function setStandardFonts(id) {
setButtonFont(id, "Arial", "11pt", "#a7abaf", "Normal", "Normal", "none");
setButtonFont(id, "Arial", "11pt", "White", "Normal", "Normal", "none", true);
}

for (i = 0; i < tabIds.length; i++)
setStandardFonts(tabIds[i]);
setButtonFont("searchform", "Arial", "11pt", "#a7abaf", "Normal", "Normal", "none");
setButtonFont("searchform", "", "", "", "", "", "", true);
setButtonFont("banner", "", "", "", "", "", "");
setButtonFont("banner", "", "", "", "", "", "", true);
setStandardFonts("custom15160");

// Image names are assigned to the toolbar's global settings.
gsIToc = "wht_toc_n.gif";
gsITocS = "wht_toc_h.gif";
gsIIndex = "wht_idx_n.gif";
gsIIndexS = "wht_idx_h.gif";
gsISearch = "wht_fts_n.gif";
gsISearchS = "wht_fts_h.gif";
gsIGlossary = "wht_glo_n.gif";
gsIGlossaryS = "wht_glo_h.gif";
gsIWebSearch = "wht_ws.gif";
gsIWebSearchD = "wht_ws_g.gif";
gsIBanner = "wht_logo1.gif";
gsIGo = "wht_go.gif";

setBackgroundcolor(panelColor);
setBackground("background.png");
setAlignment("left");
setGoImage("search-input-go.png");

// Without a background image, the buttons receive explicit background colours.
if (!gsBgImage) {
for (i = 0; i < tabIds.length; i++)
setButtonBgColor(tabIds[i], gsBgColor);
for (i = 0; i < tabIds.length; i++)
setButtonBgColor(tabIds[i], gsTBSelectedBgColor, true);
for (i = 0; i < tabIds.length; i++)
setButtonBgColor(tabIds[i], panelColor);
setButtonBgColor("searchform", "");
setButtonBgColor("banner", "");
setButtonBgColor("custom15160", panelColor);
}

// Selected-state backgrounds are set in every case.
for (i = 0; i < tabIds.length; i++)
setButtonBgColor(tabIds[i], panelColor, true);
setButtonBgColor("searchform", "", true);
setButtonBgColor("banner", "", true);
setButtonBgColor("custom15160", panelColor, true);

addButton("toc", BTN_TEXT | BTN_IMG, "Contents", "", "", "", "", 0, 0, "contents-unselected.png", "contents-selected.png", "", "contents-selected.png", "", "");
addButton("fts", BTN_TEXT | BTN_IMG, "Search", "", "", "", "", 0, 0, "search-unselected.png", "search-selected.png", "", "search-selected.png", "", "");
addButton("searchform", BTN_TEXT, "", "", "", "", "", 0, 0, "", "", "", "", "", "");
// NOTE(review): the click action is handed over as the code string "printTopic();".
// addButton is defined outside this listing; if it writes that string into an on*
// attribute, this is the inline event handler that a nonce-based script-src rejects.
addButton("custom15160", BTN_TEXT | BTN_IMG, "Print", "", "printTopic();", "", "", 0, 0, "print-unselected.png", "print-selected.png", "", "print-selected.png", "", "");
addButton("blankblock");

writeStyle(false);
ReSortToolbarButtons();
})();
//-->
</script>
</body></pre>
<p>从 script-src 中删除“unsafe-inline”并添加“nonce-b1967a39a02f45edbac95cbb4651bd12”后,我收到此错误。在这个问题上纠结了好久。需要一些指导。提前致谢。</p>
오류 메시지는 인라인 이벤트 핸들러가 있음을 나타냅니다. 즉, onclick, onblur, onchange 등의 속성이 어딘가에 있음을 의미합니다. 오류 메시지에는 실제 코드에 대한 링크가 포함될 수 있습니다.
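인라인 이벤트 핸들러를 허용하려면 다음 중 하나를 사용해야 합니다. (1) 'unsafe-inline' — 단, script-src에 nonce나 해시가 함께 있으면 브라우저가 'unsafe-inline'을 무시하므로 nonce를 제거해야 하며, 이 경우 모든 인라인 스크립트가 허용되어 XSS 방어가 약해집니다. (2) 'unsafe-hashes'와 함께 각 이벤트 핸들러 코드의 해시('sha256-…')를 script-src에 추가합니다. 'unsafe-hashes'만 지정하고 해시를 넣지 않으면 아무 효과가 없습니다.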
그러나 코드를 다시 작성할 수 있다면 가장 좋은 방법은 이벤트 리스너를 사용하는 것입니다.
이벤트 핸들러 속성에는 nonce를 지정할 수 없으므로(nonceable하지 않음) nonce 방식은 이 코드에서 작동하지 않습니다.