问题描述

获取

拒绝，因为它违反了以下内容安全策略指令适用内嵌样式:"风格-src的 '自我' 'SHA256-UTjtaAWWTyzFjRKbltk24jHijlTbP20C1GUYaWPqg7E =' 'SHA256-lAjyGSIzNSfpcl56itQltlKnBClAWcbXqXwsWgwPBDM =' 'SHA256-IQ1w928Id2I18HopWjf2QH1yWRabHjMmdIigddkJsjk ='是已实现，抱歉).Chrome的控制台消息在以上两种样式之间没有区别，都被认为是内联的.

But Chrome counts sha256 values for both of those, because it prepares to support 'unsafe-hashes' token ( is is implemented, sorry).Chrome's console messages have not differences between both of above styles, all considered as inline.

因此，您在HTML代码中的某个地方在标记中有一个内联样式(第2段). Chrome为此计算了sha256哈希，并在控制台中发出了警告.您可以将此哈希添加到CSP，但仍会发出警告，因为代码中的样式已被阻止-不能通过'hash-value'来允许.

So you have somewhere in HTML-code an inline style in the tag (para 2). Chrome counted sha256 hash for it and fired a warn in the console. You add this hash to the CSP but still have a warning, because style in the tag have blocked - it could not be allowed via 'hash-value'.

这篇关于CSP标头失败，并显示“拒绝应用内联样式...".但我已经添加了哈希的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！