Miss from CloudFront

Question. Votes: 0, Answers: 1

I keep getting a Miss from CloudFront. Here are my headers. Because the Content-Security-Policy entry is large, the header size is 12 KB. Can anyone help solve this?

HTTP/2 200
content-type: text/html; charset=utf-8
date: Mon, 29 Apr 2019 07:44:55 GMT
server: nginx/1.15.9
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: default-src 'self' http://*.facebook.com https://*.facebook.com http://*.fbcdn.net https://*.fbcdn.net http://connect.facebook.net https://connect.facebook.net http://*.googleusercontent.com https://*.googleusercontent.com http://*.cdninstagram.com https://*.cdninstagram.com http://assets.reactioncommerce.com https://assets.reactioncommerce.com http://cdnjs.cloudflare.com https://cdnjs.cloudflare.com http://fonts.googleapis.com https://fonts.googleapis.com http://fonts.gstatic.com https://fonts.gstatic.com http://enginex.kadira.io https://enginex.kadira.io http://*.asort.com https://*.asort.com http://*.amazonaws.com https://*.amazonaws.com http://*.rtschannel.com https://*.rtschannel.com http://*.freshchat.com https://*.freshchat.com http://*.google.com https://*.google.com http://*.google.co.in https://*.google.co.in http://*.google-analytics.com https://*.google-analytics.com http://stats.g.doubleclick.net/r/collect* https://stats.g.doubleclick.net/r/collect* http://*.youtube.com https://*.youtube.com http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js http://cdn.rawgit.com/prashantchaudhary/ddslick/master/jquery.ddslick.min.js https://cdn.rawgit.com/prashantchaudhary/ddslick/master/jquery.ddslick.min.js http://*.cloudfront.net https://*.cloudfront.net http://*.googletagmanager.com https://*.googletagmanager.com http://*.gstatic.com https://*.gstatic.com http://*.hotjar.com https://*.hotjar.com http://*.ytimg.com https://*.ytimg.com http://*.gravatar.com https://*.gravatar.com blob: http://*.razorpay.com https://*.razorpay.com; script-src 'self' 'unsafe-inline' http://*.facebook.com https://*.facebook.com http://*.fbcdn.net https://*.fbcdn.net http://connect.facebook.net https://connect.facebook.net http://*.googleusercontent.com https://*.googleusercontent.com http://*.cdninstagram.com https://*.cdninstagram.com http://assets.reactioncommerce.com 
https://assets.reactioncommerce.com http://cdnjs.cloudflare.com https://cdnjs.cloudflare.com http://fonts.googleapis.com https://fonts.googleapis.com http://fonts.gstatic.com https://fonts.gstatic.com http://enginex.kadira.io https://enginex.kadira.io http://*.asort.com https://*.asort.com http://*.amazonaws.com https://*.amazonaws.com http://*.rtschannel.com https://*.rtschannel.com http://*.freshchat.com https://*.freshchat.com http://*.google.com https://*.google.com http://*.google.co.in https://*.google.co.in http://*.google-analytics.com https://*.google-analytics.com http://stats.g.doubleclick.net/r/collect* https://stats.g.doubleclick.net/r/collect* http://*.youtube.com https://*.youtube.com http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js http://cdn.rawgit.com/prashantchaudhary/ddslick/master/jquery.ddslick.min.js https://cdn.rawgit.com/prashantchaudhary/ddslick/master/jquery.ddslick.min.js http://*.cloudfront.net https://*.cloudfront.net http://*.googletagmanager.com https://*.googletagmanager.com http://*.gstatic.com https://*.gstatic.com http://*.hotjar.com https://*.hotjar.com http://*.ytimg.com https://*.ytimg.com http://*.gravatar.com https://*.gravatar.com blob: http://*.razorpay.com https://*.razorpay.com 'unsafe-eval'; connect-src * 'self' ws://asort.com wss://asort.com http://*.facebook.com https://*.facebook.com http://*.fbcdn.net https://*.fbcdn.net http://connect.facebook.net https://connect.facebook.net http://*.googleusercontent.com https://*.googleusercontent.com http://*.cdninstagram.com https://*.cdninstagram.com http://assets.reactioncommerce.com https://assets.reactioncommerce.com http://cdnjs.cloudflare.com https://cdnjs.cloudflare.com http://fonts.googleapis.com https://fonts.googleapis.com http://fonts.gstatic.com https://fonts.gstatic.com http://enginex.kadira.io https://enginex.kadira.io http://*.asort.com https://*.asort.com http://*.amazonaws.com 
https://*.amazonaws.com http://*.rtschannel.com https://*.rtschannel.com http://*.freshchat.com https://*.freshchat.com http://*.google.com https://*.google.com http://*.google.co.in https://*.google.co.in http://*.google-analytics.com https://*.google-analytics.com http://stats.g.doubleclick.net/r/collect* https://stats.g.doubleclick.net/r/collect* http://*.youtube.com https://*.youtube.com http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js http://cdn.rawgit.com/prashantchaudhary/ddslick/master/jquery.ddslick.min.js https://cdn.rawgit.com/prashantchaudhary/ddslick/master/jquery.ddslick.min.js http://*.cloudfront.net https://*.cloudfront.net http://*.googletagmanager.com https://*.googletagmanager.com http://*.gstatic.com https://*.gstatic.com http://*.hotjar.com https://*.hotjar.com http://*.ytimg.com https://*.ytimg.com http://*.gravatar.com https://*.gravatar.com blob: http://*.razorpay.com https://*.razorpay.com; img-src data: 'self' http://*.facebook.com https://*.facebook.com http://*.fbcdn.net https://*.fbcdn.net http://connect.facebook.net https://connect.facebook.net http://*.googleusercontent.com https://*.googleusercontent.com http://*.cdninstagram.com https://*.cdninstagram.com http://assets.reactioncommerce.com https://assets.reactioncommerce.com http://cdnjs.cloudflare.com https://cdnjs.cloudflare.com http://fonts.googleapis.com https://fonts.googleapis.com http://fonts.gstatic.com https://fonts.gstatic.com http://enginex.kadira.io https://enginex.kadira.io http://*.asort.com https://*.asort.com http://*.amazonaws.com https://*.amazonaws.com http://*.rtschannel.com https://*.rtschannel.com http://*.freshchat.com https://*.freshchat.com http://*.google.com https://*.google.com http://*.google.co.in https://*.google.co.in http://*.google-analytics.com https://*.google-analytics.com http://stats.g.doubleclick.net/r/collect* https://stats.g.doubleclick.net/r/collect* 
http://*.youtube.com https://*.youtube.com http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js http://cdn.rawgit.com/prashantchaudhary/ddslick/master/jquery.ddslick.min.js https://cdn.rawgit.com/prashantchaudhary/ddslick/master/jquery.ddslick.min.js http://*.cloudfront.net https://*.cloudfront.net http://*.googletagmanager.com https://*.googletagmanager.com http://*.gstatic.com https://*.gstatic.com http://*.hotjar.com https://*.hotjar.com http://*.ytimg.com https://*.ytimg.com http://*.gravatar.com https://*.gravatar.com blob: http://*.razorpay.com https://*.razorpay.com; style-src 'self' 'unsafe-inline' http://*.facebook.com https://*.facebook.com http://*.fbcdn.net https://*.fbcdn.net http://connect.facebook.net https://connect.facebook.net http://*.googleusercontent.com https://*.googleusercontent.com http://*.cdninstagram.com https://*.cdninstagram.com http://assets.reactioncommerce.com https://assets.reactioncommerce.com http://cdnjs.cloudflare.com https://cdnjs.cloudflare.com http://fonts.googleapis.com https://fonts.googleapis.com http://fonts.gstatic.com https://fonts.gstatic.com http://enginex.kadira.io https://enginex.kadira.io http://*.asort.com https://*.asort.com http://*.amazonaws.com https://*.amazonaws.com http://*.rtschannel.com https://*.rtschannel.com http://*.freshchat.com https://*.freshchat.com http://*.google.com https://*.google.com http://*.google.co.in https://*.google.co.in http://*.google-analytics.com https://*.google-analytics.com http://stats.g.doubleclick.net/r/collect* https://stats.g.doubleclick.net/r/collect* http://*.youtube.com https://*.youtube.com http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js http://cdn.rawgit.com/prashantchaudhary/ddslick/master/jquery.ddslick.min.js https://cdn.rawgit.com/prashantchaudhary/ddslick/master/jquery.ddslick.min.js http://*.cloudfront.net 
https://*.cloudfront.net http://*.googletagmanager.com https://*.googletagmanager.com http://*.gstatic.com https://*.gstatic.com http://*.hotjar.com https://*.hotjar.com http://*.ytimg.com https://*.ytimg.com http://*.gravatar.com https://*.gravatar.com blob: http://*.razorpay.com https://*.razorpay.com; font-src 'self' http://*.facebook.com https://*.facebook.com http://*.fbcdn.net https://*.fbcdn.net http://connect.facebook.net https://connect.facebook.net http://*.googleusercontent.com https://*.googleusercontent.com http://*.cdninstagram.com https://*.cdninstagram.com data: http://assets.reactioncommerce.com https://assets.reactioncommerce.com http://cdnjs.cloudflare.com https://cdnjs.cloudflare.com http://fonts.googleapis.com https://fonts.googleapis.com http://fonts.gstatic.com https://fonts.gstatic.com http://enginex.kadira.io https://enginex.kadira.io http://*.asort.com https://*.asort.com http://*.amazonaws.com https://*.amazonaws.com http://*.rtschannel.com https://*.rtschannel.com http://*.freshchat.com https://*.freshchat.com http://*.google.com https://*.google.com http://*.google.co.in https://*.google.co.in http://*.google-analytics.com https://*.google-analytics.com http://stats.g.doubleclick.net/r/collect* https://stats.g.doubleclick.net/r/collect* http://*.youtube.com https://*.youtube.com http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js http://cdn.rawgit.com/prashantchaudhary/ddslick/master/jquery.ddslick.min.js https://cdn.rawgit.com/prashantchaudhary/ddslick/master/jquery.ddslick.min.js http://*.cloudfront.net https://*.cloudfront.net http://*.googletagmanager.com https://*.googletagmanager.com http://*.gstatic.com https://*.gstatic.com http://*.hotjar.com https://*.hotjar.com http://*.ytimg.com https://*.ytimg.com http://*.gravatar.com https://*.gravatar.com blob: http://*.razorpay.com https://*.razorpay.com;
x-powered-by: Express
vary: Accept-Encoding
x-whom: rc-nginx
x-cache: Miss from cloudfront
via: 1.1 c6702f5f3b6e77da6f394e67ef1a6aab.cloudfront.net (CloudFront)
x-amz-cf-id: AxvhfreM3y8ex1iHfvxuYCPM5RZq4GYfW3mm0OjF5vbI6GSThkYW3g==
node.js amazon-web-services express devops aws-cloudfront
1 Answer
0
votes

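The Content-Security-Policy should not be the problem. I don't see any Cache-Control / Expire header in the response headers that could cause the MISS, which means you need to look at your CloudFront configuration.
1. Do you have Cache Based on Selected Request Headers set to ALL?
2. Do you have any whitelisted header whose value changes on every request?
3. All TTLs at 0 should give you RefreshHit, but check the Cache Behavior configuration if cookies / query strings etc. are changing and you have Forward ALL selected.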
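The three checks in the answer above can be run against a cache behavior exported with `aws cloudfront get-distribution-config`. The following is an added example, not part of the original answer; it assumes the legacy `ForwardedValues` layout of a cache behavior, and `SAMPLE_BEHAVIOR` and the `HIGH_VARIANCE_HEADERS` list are constructed for illustration.

```python
# Added example: audit a CloudFront cache behavior (legacy ForwardedValues form)
# for the settings the answer asks about. SAMPLE_BEHAVIOR is constructed.

SAMPLE_BEHAVIOR = {
    "ForwardedValues": {
        "QueryString": True,
        "Cookies": {"Forward": "all"},
        "Headers": {"Quantity": 1, "Items": ["*"]},
    },
    "MinTTL": 0, "DefaultTTL": 0, "MaxTTL": 0,
}

# Illustrative (assumed) list of request headers whose value tends to differ
# per client or per request, so whitelisting them fragments the cache.
HIGH_VARIANCE_HEADERS = {"user-agent", "cookie", "referer", "authorization"}


def audit_cache_behavior(behavior):
    """Return findings that can explain persistent 'Miss from cloudfront'."""
    findings = []
    fv = behavior.get("ForwardedValues", {})
    headers = [h.lower() for h in fv.get("Headers", {}).get("Items", [])]

    # Check 1: "*" means every request header is forwarded to the origin.
    if "*" in headers:
        findings.append("headers: ALL forwarded, objects are not cached")
    else:
        # Check 2: whitelisted headers that change between requests.
        for h in sorted(HIGH_VARIANCE_HEADERS.intersection(headers)):
            findings.append(f"headers: whitelisted '{h}' varies per request")

    # Check 3: cookies, query strings and TTLs in the cache behavior.
    if fv.get("Cookies", {}).get("Forward") == "all":
        findings.append("cookies: Forward=all, every cookie is in the cache key")
    if fv.get("QueryString") and not fv.get("QueryStringCacheKeys", {}).get("Items"):
        findings.append("query string: all parameters are in the cache key")
    if all(behavior.get(k, 0) == 0 for k in ("MinTTL", "DefaultTTL", "MaxTTL")):
        findings.append("ttl: all TTLs are 0, expect RefreshHit rather than Hit")
    return findings


if __name__ == "__main__":
    for line in audit_cache_behavior(SAMPLE_BEHAVIOR):
        print(line)
```

An empty result means none of the three conditions applies to that behavior; each path pattern in the distribution has its own cache behavior and needs its own check.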
