<add name="Content-security-policy" value="default-src 'self' '*';
script-src 'self' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://use.fontawesome.com;
style-src 'self' https://tagmanager.google.com/ https://fonts.googleapis.com/ https://use.fontawesome.com;
img-src 'self' https://ssl.gstatic.com/;
font-src 'self' https://use.fontawesome.com"/>
上面是我曾经在网站上使用过的CSP,但不适用于我。
任何一次都可以帮忙吗
听起来您的标题格式不正确。脚本和样式资源被阻止,因为您没有启用不安全的内联代码。
您是否尝试为script-src和style-src指定'unsafe-inline'?
<httpProtocol>
<customHeaders>
<add name="Content-Security-Policy" value="script-src 'self' 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://use.fontawesome.com;style-src 'self' 'unsafe-inline' https://tagmanager.google.com/ https://fonts.googleapis.com/ https://use.fontawesome.com;img-src 'self' https://ssl.gstatic.com/; font-src 'self' https://use.fontawesome.com;" />
</customHeaders>
</httpProtocol>