Content Security Policy problem with the Tailwind CDN on a Netlify-hosted app

Problem description Votes: 0 Answers: 1

My netlify app is having a problem with its CSP rules.

I'm trying to use tailwind's CDN on my website. It works fine in development, but when I deploy to netlify it says the CDN is blocked by the CSP policy.

I already have the CDN URL in my _headers file, but it makes no difference at all.

This is how I set up my _headers file:

/*
   Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
   Content-Security-Policy: default-src https: 'self' *.netlify.app; connect-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/* https://google.com/pagead/* https://google.com/ccm/* https://bat.bing.com/* https://google.com/* https://app-cdn.clickup.com/* https://forms.clickup.com/* *.clarity.ms *.googleadservices.com *.bing.com connect.facebook.net *.facebook.net snap.licdn.com *.ads.linkedin.com *.adsymptotic.com https://cdn.tailwindcss.com/cdn.linkedin.oribi.io *.facebook.com analytics.google.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.com.br gap: ws:* *.fontawesome.com *.w3.org cdnjs.cloudflare.com *.cloudfront.net *.amazonaws.com *.ampproject.org bat.bing.com; font-src 'self' fonts.gstatic.com cdnjs.cloudflare.com *.cloudflare.com; frame-src https://accounts.google.com/gsi/ *.google.com *.facebook.com *.bing.com *.youtube.com *.instagram.com; img-src 'self' data: blob: *.facebook.com *.clarity.ms *.linkedin.com *.bing.com snap.licdn.com *.ads.linkedin.com *.adsymptotic.com *.amazonaws.com *.w3.org *.cloudfront.net i.ytimg.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.com.br; script-src https://accounts.google.com/gsi/client https://bat.bing.com/ https://google.com/pagead https://google.com/ccm https: 'self' 'unsafe-inline' 'unsafe-eval' *.google.com google.com *.cloudfront.net snap.licdn.com analytics.google.com *.bing.com 'unsafe-inline' https://www.googletagmanager.com; style-src https://accounts.google.com/gsi/style https://cdn.tailwindcss.com/ https: 'self' 'unsafe-inline'; frame-ancestors 'self';
   Permissions-Policy: accelerometer=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(self), geolocation=*, gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), sync-xhr=(), usb=()
   X-Content-Type-Options: nosniff
   X-XSS-Protection: 1; mode=block
   Set-Cookie: HttpOnly; Secure; SameSite=Strict;

The error is:

Refused to connect to 'https://cdn.tailwindcss.com/' because it violates the following Content Security Policy directive: "connect-src 'self' 'unsafe-inline' ...
netlify csp
1 answer
0 votes

In the connect-src directive you list "https://cdn.tailwindcss.com/cdn.linkedin.oribi.io", which means cdn.tailwindcss.com is restricted to the path /cdn.linkedin.oribi.io. It should probably be "https://cdn.tailwindcss.com/ https://cdn.linkedin.oribi.io/", or just the hostnames without scheme and slash.
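As an added illustration of the answer's point (not part of the original question or answer): a small Python model of CSP source-list matching, showing why the merged source expression lets cdn.tailwindcss.com be reached only at the path /cdn.linkedin.oribi.io, while the corrected list allows the root. The header strings and the origin are constructed and trimmed from the asker's header; the matcher is a simplified version of the CSP3 algorithm (ports and keyword subtleties are omitted).

```python
from urllib.parse import urlsplit
# Constructed, trimmed versions of the asker's header (not the full _headers file).
BROKEN = ("default-src 'self'; connect-src 'self' 'unsafe-inline' "
          "https://cdn.tailwindcss.com/cdn.linkedin.oribi.io *.facebook.com")
FIXED = ("default-src 'self'; connect-src 'self' "
         "https://cdn.tailwindcss.com/ https://cdn.linkedin.oribi.io/")

def parse_csp(header):
    """Split a CSP header into {directive-name: [source expressions]}."""
    directives = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            directives.setdefault(tokens[0].lower(), []).extend(tokens[1:])
    return directives

def host_source_matches(source, url):
    """Simplified CSP3 host-source match: scheme, host (with *. wildcard), path; ports ignored."""
    u = urlsplit(url)
    scheme, sep, rest = source.rpartition("://")
    if sep and scheme.lower() != u.scheme:
        return False
    hostport, _, path = rest.partition("/")
    host = hostport.split(":")[0].lower()
    if host.startswith("*."):
        if not (u.hostname or "").endswith(host[1:]):
            return False
    elif host != u.hostname:
        return False
    if path:  # a path in a source expression restricts the match to that path
        path = "/" + path  # trailing "/" means prefix match, otherwise exact match
        return u.path.startswith(path) if path.endswith("/") else u.path == path
    return True

def url_allowed(header, directive, url, origin):
    """True if `url` may be fetched under `directive`, falling back to default-src."""
    directives = parse_csp(header)
    sources = directives.get(directive, directives.get("default-src", []))
    u, o = urlsplit(url), urlsplit(origin)
    for src in sources:
        if src.startswith("'"):  # keywords: only 'self' can ever match a URL
            if src == "'self'" and (u.scheme, u.netloc) == (o.scheme, o.netloc):
                return True
        elif src == "*" or (src.endswith(":") and u.scheme == src[:-1].lower()):
            return True  # bare wildcard, or a scheme-source such as https:
        elif host_source_matches(src, url):
            return True
    return False
```

Running `url_allowed(BROKEN, "connect-src", "https://cdn.tailwindcss.com/", origin)` returns False for the same reason the browser reported, and the same call against FIXED returns True.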
