我目前正在使用 symfony 和许多 symfony ux 包,并且我的外部脚本(例如 font Awesome 或 google fonts)未加载,我收到此错误消息:
Content-Security-Policy : Les paramètres de la page ont empêché l’exécution d’un script intégré (script-src-elem) car il enfreint la directive suivante : « script-src 'self' »这是我的composer.json:
{
"type": "project",
"license": "proprietary",
"minimum-stability": "stable",
"prefer-stable": true,
"require": {
"php": ">=8.2",
"ext-ctype": "*",
"ext-iconv": "*",
"api-platform/core": "^3.2",
"doctrine/doctrine-bundle": "^2.11",
"doctrine/doctrine-migrations-bundle": "^3.3",
"doctrine/orm": "^2.17",
"gocardless/gocardless-pro": "^5.9",
"nelmio/cors-bundle": "*",
"phpdocumentor/reflection-docblock": "^5.3",
"phpstan/phpdoc-parser": "^1.25",
"symfony/asset": "7.0.*",
"symfony/asset-mapper": "7.0.*",
"symfony/console": "7.0.*",
"symfony/doctrine-messenger": "7.0.*",
"symfony/dotenv": "7.0.*",
"symfony/expression-language": "7.0.*",
"symfony/flex": "^2",
"symfony/form": "7.0.*",
"symfony/framework-bundle": "7.0.*",
"symfony/http-client": "7.0.*",
"symfony/intl": "7.0.*",
"symfony/mailer": "7.0.*",
"symfony/mime": "7.0.*",
"symfony/monolog-bundle": "^3.0",
"symfony/notifier": "7.0.*",
"symfony/process": "7.0.*",
"symfony/property-access": "7.0.*",
"symfony/property-info": "7.0.*",
"symfony/runtime": "7.0.*",
"symfony/security-bundle": "7.0.*",
"symfony/serializer": "7.0.*",
"symfony/stimulus-bundle": "^2.13",
"symfony/string": "7.0.*",
"symfony/translation": "7.0.*",
"symfony/twig-bundle": "7.0.*",
"symfony/ux-turbo": "^2.13",
"symfony/validator": "7.0.*",
"symfony/web-link": "7.0.*",
"symfony/yaml": "7.0.*",
"twig/extra-bundle": "^2.12|^3.0",
"twig/twig": "^2.12|^3.0"
},
"config": {
"allow-plugins": {
"php-http/discovery": true,
"symfony/flex": true,
"symfony/runtime": true
},
"sort-packages": true
},
"autoload": {
"psr-4": {
"App\\": "src/"
}
},
"autoload-dev": {
"psr-4": {
"App\\Tests\\": "tests/"
}
},
"replace": {
"symfony/polyfill-ctype": "*",
"symfony/polyfill-iconv": "*",
"symfony/polyfill-php72": "*",
"symfony/polyfill-php73": "*",
"symfony/polyfill-php74": "*",
"symfony/polyfill-php80": "*",
"symfony/polyfill-php81": "*",
"symfony/polyfill-php82": "*"
},
"scripts": {
"auto-scripts": {
"cache:clear": "symfony-cmd",
"assets:install %PUBLIC_DIR%": "symfony-cmd",
"importmap:install": "symfony-cmd"
},
"post-install-cmd": [
"@auto-scripts"
],
"post-update-cmd": [
"@auto-scripts"
]
},
"conflict": {
"symfony/symfony": "*"
},
"extra": {
"symfony": {
"allow-contrib": false,
"require": "7.0.*"
}
},
"require-dev": {
"phpunit/phpunit": "^9.5",
"symfony/browser-kit": "7.0.*",
"symfony/css-selector": "7.0.*",
"symfony/debug-bundle": "7.0.*",
"symfony/maker-bundle": "^1.0",
"symfony/phpunit-bridge": "^7.0",
"symfony/stopwatch": "7.0.*",
"symfony/web-profiler-bundle": "7.0.*"
}
}
我没有使用nelmio安全捆绑包,那么为什么我会收到此消息?
我尝试修改我的 nelmio cors 包,但没有成功。
翻译后的错误信息如下
Content-Security-Policy:页面设置已阻止 执行嵌入脚本(script-src-elem),因为它 遇到以下指令:“script-src 'self'”。
简单来说,您拥有的 CSP 会阻止您从外部域加载脚本。
当您在 CSP 中看到 script-src 'self' 时,这意味着该页面仅允许加载和执行 JavaScript 文件(如果它们托管在与该页面相同的源上),您将需要更改您的 CSP要加载的外部托管脚本。
请参阅 https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP 了解更多详细信息