我将 CSP 策略部署到我的系统,然后在尝试从本地路径查看 PDF 文件时遇到错误。在添加CSP策略之前,不会出现此问题。此问题出现在 Edge 和 Chrome 中,但不会出现在 Firefox 中。解决方法是添加 Adobe Acrobat 扩展。有什么办法修改程序允许查看文件吗?
我的 CSP 计划:
List<String> cspPolicies = new ArrayList<String>();
String originLocationRef = "'self'";
cspPolicies.add("default-src 'self'");
cspPolicies.add("script-src " + originLocationRef + " 'unsafe-inline' 'unsafe-eval'");
cspPolicies.add("object-src " + originLocationRef + " 'unsafe-inline'");
cspPolicies.add("style-src " + originLocationRef + " 'unsafe-inline'");
cspPolicies.add("img-src " + originLocationRef + " data:");
cspPolicies.add("form-action " + originLocationRef + " 'unsafe-inline'");
if (APP_USE_AUDIOS_OR_VIDEOS) {
cspPolicies.add("media-src " + originLocationRef + " 'unsafe-inline'");
}
if (APP_USE_WEBFONTS) {
cspPolicies.add("font-src " + originLocationRef + " 'unsafe-inline'");
}
cspPolicies.add("connect-src * 'unsafe-inline'");
this.policies = cspPolicies.toString().replaceAll("(\\[|\\])", "").replaceAll(",", ";").trim();
if (isFrame) {
policiesBuffer.append(";").append("frame-src 'self';sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-downloads");
if (INCLUDE_MOZILLA_CSP_DIRECTIVES) {
policiesBuffer.append(";").append("frame-ancestors 'self'");
}
}
我已尝试修改:
policiesBuffer.append(";").append("frame-src 'self';sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-downloads");
通过添加沙箱值,如allow-modals、allow-popups-to-escape-sandbox、allow-top-navigation-to-custom-protocols,但错误仍然发生。