我在我的应用程序中添加 Content-security-policy 标头,方法是提供以下指令值作为 style-src:'unsafe-inline" script-src: www.googletagmanager; font-src: 'self' https: //fonts.gstatic.com https://fonts.googleapis.com https://cdn.syncfusion.com;像这样,但会抛出 g-tag 错误,即
ReferenceError: gtag is not defined
at m._next (main-es2015.f8382347a5a3c0995032.js:1:7087636)
at m.__tryOrUnsub (main-es2015.f8382347a5a3c0995032.js:1:3347524)
at m.next (main-es2015.f8382347a5a3c0995032.js:1:3346769)
at g._next (main-es2015.f8382347a5a3c0995032.js:1:3345964)
at g.next (main-es2015.f8382347a5a3c0995032.js:1:3345738)
at t.next (main-es2015.f8382347a5a3c0995032.js:1:3350442)
at m._next (main-es2015.f8382347a5a3c0995032.js:1:7046320)
at m.__tryOrUnsub (main-es2015.f8382347a5a3c0995032.js:1:3347524)
at m.next (main-es2015.f8382347a5a3c0995032.js:1:3346769)
at g._next (main-es2015.f8382347a5a3c0995032.js:1:3345964
还向我抛出字体错误,即
Refused to load the font '<URL>' because it violates the following Content Security Policy directive: "font-src data:* https://*".
atlas-dev.centilytics.com/:80
Refused to load the font 'data:application/x-font-ttf;charset=utf-8;base64,AAEAAAAKAIAAAwAgT1MvMjeaTzgAAAEoAAAAVmNtYXD7UP53AAALpAAACpRnbHlm1RHgJwAAIGAAAg9MaGVhZCCrrrwAAADQAAAANmhoZWEIXgZKAAAArAAAACRobXR4JAb+rAAAAYAAAAokbG9jYQKOW2wAABY4AAAKKG1heHADtAHQAAABCAAAACBuYW1lc0cOBgACL6wAAAIlcG9zdMlVyL8AAjHUAAApOgABAAAEAAAAAFwEAP/A/8AEQAABAAAAAAAAAAAAAAAAAAACiQABAAAAAQAAdbd+1l8PPPUACwQAAAAAAN7GNN8AAAAA3sY03//A/+QEQAQcAAAACAACAAEAAAAAAAEAAAKJAcQAIQAAAAAAAgAAAAoACgAAAP8AAAAAAAAAAQQAAZAABQAAAokCzAAAAI8CiQLMAAAB6wAyAQgAAAIABQMAAAAAAAAAAAAAAAAAAA...V4dC1mb3JtLTIFbGFiZWwLY2hlY2stYm94LTITYWRkLWVkaXQtZm9ybS1maWVsZAZidXR0b24LZHJvcC1kb3duLTIMcmFkaW8tYnV0dG9uCHBhc3N3b3JkE3RhYmxlLWluc2VydC1jb2x1bW4QdGFibGUtaW5zZXJ0LXJvdxV0YWJsZS1vdmVyd3JpdGUtY2VsbHMMdGFibGUtbmVzdGVkC3RhYmxlLW1lcmdlCWRyYWctZmlsbARob21lDWdhbnR0LWdyaXBwZXINYnJpbmctdG8tdmlldw9icmluZy10by1jZW50ZXIHd2FybmluZw1jcml0aWNhbC1wYXRoD2JvcmRlci1zaGFkb3ctMhJib3JkZXItZGlhZ29uYWwtdXAUYm9yZGVyLWRpYWdvbmFsLWRvd24NYm9yZGVyLWN1c3RvbQ1ib3JkZXItbm9uZS0xCmJvcmRlci1ib3gPYm9yZGVyLXNoYWRvdy0xBWF1ZGlvBXZpZGVvAAAAAA==' because it violates the following Content Security Policy directive: "font-src data:* https://*".
Refused to load the font 'data:application/x-font-ttf;charset=utf-8;base64,AAEAAAAKAIAAAwAgT1MvMjeaTzgAAAEoAAAAVmNtYXD7UP53AAALpAAACpRnbHlm1RHgJwAAIGAAAg9MaGVhZCCrrrwAAADQAAAANmhoZWEIXgZKAAAArAAAACRobXR4JAb+rAAAAYAAAAokbG9jYQKOW2wAABY4AAAKKG1heHADtAHQAAABCAAAACBuYW1lc0cOBgACL6wAAAIlcG9zdMlVyL8AAjHUAAApOgABAAAEAAAAAFwEAP/A/8AEQAABAAAAAAAAAAAAAAAAAAACiQABAAAAAQAAdbd+1l8PPPUACwQAAAAAAN7GNN8AAAAA3sY03//A/+QEQAQcAAAACAACAAEAAAAAAAEAAAKJAcQAIQAAAAAAAgAAAAoACgAAAP8AAAAAAAAAAQQAAZAABQAAAokCzAAAAI8CiQLMAAAB6wAyAQgAAAIABQMAAAAAAAAAAAAAAAAAAA...V4dC1mb3JtLTIFbGFiZWwLY2hlY2stYm94LTITYWRkLWVkaXQtZm9ybS1maWVsZAZidXR0b24LZHJvcC1kb3duLTIMcmFkaW8tYnV0dG9uCHBhc3N3b3JkE3RhYmxlLWluc2VydC1jb2x1bW4QdGFibGUtaW5zZXJ0LXJvdxV0YWJsZS1vdmVyd3JpdGUtY2VsbHMMdGFibGUtbmVzdGVkC3RhYmxlLW1lcmdlCWRyYWctZmlsbARob21lDWdhbnR0LWdyaXBwZXINYnJpbmctdG8tdmlldw9icmluZy10by1jZW50ZXIHd2FybmluZw1jcml0aWNhbC1wYXRoD2JvcmRlci1zaGFkb3ctMhJib3JkZXItZGlhZ29uYWwtdXAUYm9yZGVyLWRpYWdvbmFsLWRvd24NYm9yZGVyLWN1c3RvbQ1ib3JkZXItbm9uZS0xCmJvcmRlci1ib3gPYm9yZGVyLXNoYWRvdy0xBWF1ZGlvBXZpZGVvAAAAAA==' because it violates the following Content Security Policy directive: "font-src data:* https://*".
请帮助我或建议我一个最佳解决方案来解决这些问题并且安全标头得分为 A+
我正在尝试添加内容安全标头以保护我的应用程序免受 XSS 攻击 我当前的第三方脚本是 google-analytics 脚本、google-font 和 Angular-material css,用于在我的应用程序中设置样式