0
這是一個服務器端CSP問題。在NGINX中,由於我的內容安全策略標題讓我很困難,因此在重新加載配置時遇到了一些問題。NGINX分析和重新加載時失敗的內容安全策略
[[email protected] ~]# service nginx reload
nginx: [emerg] unknown directive "script-src" in /etc/nginx/conf.d/ssl.conf:15
nginx: configuration file /etc/nginx/nginx.conf test failed
我已經重寫和重寫了這個政策大概8次,但NGINX不會接受它。 NGINX版本的nginx/1.10.2,CentOS的6.8,內核2.6.32-642.13.1.el6.x86_64
server {
[...] //Stuff
add_header Content-Security-Policy:"default-src 'self';script-src 'self' 'unsafe-inline' https://bam.nr-data.net https://js-agent.newrelic.com https://cdn.mxpnl.com https://ajax.cloudflare.com https://*.redacted.co;style-src 'self' https://*.redacted.co;img-src *;font-src 'self' https://*.redacted.co https://cloud.typography.com; object-src 'none';frame-src 'none';upgrade-insecure-requests;";
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; ";
add_header X-Frame-Options "DENY";
add_header X-XSS-Protection "1; mode=block";
[...] //Stuff
}
有什麼明顯的我失蹤?