nginx configures Content-Security-Policy and Font is killed
曾经蜡笔没有小新
曾经蜡笔没有小新 2017-05-16 17:15:15
0
1
792

Some inexplicable things are inserted into the web page. For some reason, https cannot be turned on. If you decide to use Content-Security-Policy.
This is the Content-Security-Policy configuration on the nginx server side

Then the browser checks that Font has been killed, and I don’t know what to do.

曾经蜡笔没有小新
曾经蜡笔没有小新

reply all(1)
習慣沉默

Server-->Network-->User browser. The server is correct and the browser is correct. Some inexplicable things are inserted into web pages, and someone inserts and modifies data during network transmission (common ones include DNS hijacking and HTTP traffic hijacking). HTTP is a clear text protocol, so it is very common to be hijacked.
Finally, you added a controlled HTTP HEADER, which can be easily deleted by others. As for the picture you attached in the question, I couldn't see it clearly, so I didn't use it as a reference (it may be more appropriate to use HAR files later).

Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template