内容安全策略在 Magneto 2 中不起作用

问题描述 投票:0回答:1

我使用 

https://r0.cloud.yellow.ai
magneto 2

添加了聊天脚本

我收到以下错误。

Refused to connect to 'wss://r0.cloud.yellow.ai/websocket/' because it violates the following Content Security Policy directive: "connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com wss://r0.cloud.yellow.ai/websocket *.yellow.ai *.adobe.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com lumberjack.razorpay.com lumberjack-metrics.razorpay.com 'self' 'unsafe-inline'"

错误保持不变。

我添加了csp_whitelist.xml

<csp_whitelist xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Csp/etc/csp_whitelist.xsd">
<policies>
<policy id="script-src">
<values>
<value id="yellowmessenger-cdn" type="host">cdn.yellowmessenger.com</value>
<value id="cdn.yellowmessenger" type="host">*.yellowmessenger.com</value>
<value id="yellow.ai" type="host">*.yellow.ai</value>
</values>
</policy>
<policy id="style-src">
<values>
<value id="style-cdn.yellowmessenger" type="host">*.yellowmessenger.com</value>
<value id="style-yellowmessenger" type="host">cdn.yellowmessenger.com</value>
</values>
</policy>
<policy id="font-src">
<values>
<value id="font-yellowmessenger" type="host">cdn.yellowmessenger.com</value>
</values>
</policy>
<policy id="connect-src">
<values>
<value id="yellow-ai-websocket" type="host">wss://r0.cloud.yellow.ai/websocket</value>
<value id="connect-yellowmessenger" type="host">*.yellow.ai</value>
</values>
</policy>
<policy id="img-src">
<values>
<value id="img-yellowmessenger" type="host">cdn.yellowmessenger.com</value>
<!--  Add other img-src values as needed  -->
</values>
</policy>
</policies>
</csp_whitelist>
php magento2 content-security-policy
1个回答
0
投票

参见规范中路径匹配列表中的第3点:https://www.w3.org/TR/CSP3/#match-paths

当您列出 wss://r0.cloud.yellow.ai/websocket 时,它必须完全匹配,而它拒绝连接到 wss://r0.cloud.yellow.ai/websocket/,因此您应该尝试添加尾部斜杠。

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.