Bagaimana untuk membetulkan ralat CSP? "Pelaksanaan pengendali acara sebaris dinafikan kerana ia melanggar arahan Dasar Keselamatan Kandungan berikut..."
P粉781235689
2023-08-30 11:44:31
<p>我在 script-src 中添加随机数值时收到 CSP 错误。
这是我正在设置的 CSP -
内容安全策略:默认 src '无'; script-src 'self' '不安全评估' 'nonce-b1967a39a02f45edbac95cbb4651bd12' '不安全哈希'; frame-src 'self' 'nonce-b1967a39a02f45edbac95cbb4651bd12' '不安全哈希';连接-src'自我'; img-src“自身”数据:; style-src 'self' '不安全内联';对象-src'自我'; font-src'自身'数据:;</code></p>
<p>我的JS文件内容是-</p>
<pre class="brush:php;toolbar:false;"><html dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title> WebHelp Navigation Toolbar </title>
<style>
<!--
body {margin:0;}
-->
</style>
<script nonce='b1967a39a02f45edbac95cbb4651bd12' src="whver.js" charset="utf-8"></script>
<script nonce='b1967a39a02f45edbac95cbb4651bd12' src="whutils.js" charset="utf-8"></script>
<script nonce='b1967a39a02f45edbac95cbb4651bd12' src="whmsg.js" charset="utf-8"></script>
<script nonce='b1967a39a02f45edbac95cbb4651bd12' src="whproxy.js" charset="utf-8"></script>
<script nonce='b1967a39a02f45edbac95cbb4651bd12' src="whmozemu.js" charset="utf-8"></script>
<script nonce='b1967a39a02f45edbac95cbb4651bd12' src="whtbar.js" charset="utf-8"></script>
<script nonce='b1967a39a02f45edbac95cbb4651bd12' type="text/javascript" language="JavaScript1.2">
//<![CDATA[
function printTopic() {
var topicPane;
if (top.frames[0].name == "ContentFrame")
topicPane = top.frames[0].frames[1].frames[1];
else
topicPane = top.frames[1].frames[1];
topicPane.focus();
var msg = new whMessage(WH_MSG_PRINT, 0, 0);
notify(msg);
}
//]]>
</script>
</head>
<body marginheight="0" marginwidth="0" bgcolor="#363f48" background="background.png" scroll="no">
<script nonce='b1967a39a02f45edbac95cbb4651bd12' language="javascript1.2">
<!--
if (window.gbWhTBar)
{
setButtonFont("toc","Arial","11pt","#a7abaf","Normal","Normal","none");
setButtonFont("toc","Arial","11pt","White","Normal","Normal","none", true);
setButtonFont("idx","Arial","11pt","#a7abaf","Normal","Normal","none");
setButtonFont("idx","Arial","11pt","White","Normal","Normal","none", true);
setButtonFont("fts","Arial","11pt","#a7abaf","Normal","Normal","none");
setButtonFont("fts","Arial","11pt","White","Normal","Normal","none", true);
setButtonFont("glo","Arial","11pt","#a7abaf","Normal","Normal","none");
setButtonFont("glo","Arial","11pt","White","Normal","Normal","none", true);
setButtonFont("searchform","Arial","11pt","#a7abaf","Normal","Normal","none");
setButtonFont("searchform","","","","","","", true);
setButtonFont("banner","","","","","","");
setButtonFont("banner","","","","","","", true);
setButtonFont("custom15160","Arial","11pt","#a7abaf","Normal","Normal","none");
setButtonFont("custom15160","Arial","11pt","White","Normal","Normal","none", true);
gsIToc = "wht_toc_n.gif";
gsITocS = "wht_toc_h.gif";
gsIIndex = "wht_idx_n.gif";
gsIIndexS = "wht_idx_h.gif";
gsISearch = "wht_fts_n.gif";
gsISearchS = "wht_fts_h.gif";
gsIGlossary = "wht_glo_n.gif";
gsIGlossaryS = "wht_glo_h.gif";
gsIWebSearch = "wht_ws.gif";
gsIWebSearchD = "wht_ws_g.gif";
gsIBanner = "wht_logo1.gif";
gsIGo = "wht_go.gif";
setBackgroundcolor("#363f48");
setBackground("background.png");
setAlignment("left");
setGoImage("search-input-go.png");
if (!gsBgImage)
{
setButtonBgColor("toc", gsBgColor);
setButtonBgColor("idx", gsBgColor);
setButtonBgColor("fts", gsBgColor);
setButtonBgColor("glo", gsBgColor);
setButtonBgColor("toc", gsTBSelectedBgColor, true);
setButtonBgColor("idx", gsTBSelectedBgColor, true);
setButtonBgColor("fts", gsTBSelectedBgColor, true);
setButtonBgColor("glo", gsTBSelectedBgColor, true);
setButtonBgColor("toc","#363f48");
setButtonBgColor("idx","#363f48");
setButtonBgColor("fts","#363f48");
setButtonBgColor("glo","#363f48");
setButtonBgColor("searchform","");
setButtonBgColor("banner","");
setButtonBgColor("custom15160","#363f48");
}
setButtonBgColor("toc","#363f48", true);
setButtonBgColor("idx","#363f48", true);
setButtonBgColor("fts","#363f48", true);
setButtonBgColor("glo","#363f48", true);
setButtonBgColor("searchform","", true);
setButtonBgColor("banner","", true);
setButtonBgColor("custom15160","#363f48", true);
addButton("toc",BTN_TEXT|BTN_IMG,"Contents","","","","",0,0,"contents-unselected.png","contents-selected.png","","contents-selected.png","","");
addButton("fts",BTN_TEXT|BTN_IMG,"Search","","","","",0,0,"search-unselected.png","search-selected.png","","search-selected.png","","");
addButton("searchform",BTN_TEXT,"","","","","",0,0,"","","","","","");
addButton("custom15160",BTN_TEXT|BTN_IMG,"Print","","printTopic();","","",0,0,"print-unselected.png","print-selected.png","","print-selected.png","","");
addButton("blankblock");
writeStyle(false);
ReSortToolbarButtons();
}
else
document.location.reload();
//-->
</script>
</body></pre>
<p>从 script-src 中删除“unsafe-inline”并添加“nonce-b1967a39a02f45edbac95cbb4651bd12”后,我收到此错误。在这个问题上纠结了好久。需要一些指导。提前致谢。</p>
![[Web front-end] Permulaan pantas Node.js](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
Mesej ralat menunjukkan bahawa anda mempunyai pengendali acara sebaris, yang bermaksud anda mempunyai atribut onclick, onblur, onchange, dll. di suatu tempat. Mesej ralat mungkin mengandungi pautan ke kod sebenar.
Untuk membenarkan pengendali acara sebaris, anda perlu menggunakan salah satu daripada ini
Walau bagaimanapun, jika anda dapat menulis semula kod, pilihan terbaik anda ialah menggunakan pendengar acara.
Harta ini bukan nonceable, jadi kaedah nonce anda tidak akan berfungsi dengan kod ini.