con*_*are 9 ssl crossdomain.xml adsense cross-domain tld
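I have a new website, and I'm using AdSense on it. It's https://viewing.nyc and it's a work in progress. I already have some AdSense ads showing on the site and they work properly - working in the sense that they actually display ads - but they output a lot of junk in the Safari console.
The message I see most often is the classic: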
Blocked a frame with origin "https://googleads.g.doubleclick.net" from accessing a frame with origin "https://viewing.nyc". Protocols, domains, and ports must match.
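So, I've been playing around here and there for a few days, Googling for solutions, and trying to understand how I can get around it. I implemented a crossdomain.xml file with the following contents: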
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/crossdomain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.youtube.com" secure="false"/>
<allow-access-from domain="*.doubleclick.net" secure="false"/>
<allow-access-from domain="*.2mdn.net" secure="false"/>
<allow-access-from domain="*.dartmotif.net" secure="false"/>
<allow-access-from domain="*.doubleclick.net" secure="true"/>
<allow-access-from domain="*.doubleclick.com" secure="true"/>
<allow-access-from domain="*.doubleclick.com" secure="false"/>
<allow-access-from domain="*.2mdn.net" secure="true"/>
<allow-access-from domain="*.dartmotif.net" secure="true"/>
<allow-access-from domain="*.gstatic.com" secure="false"/>
</cross-domain-policy>
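But with no success. Does the problem stem from my having a .nyc top-level domain while the AdSense sites are .com? Is there any way to resolve these errors?
Your website outputs the following headers.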
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 1; mode=block
X-Request-Id: 86d0d6f2-eba5-46b2-b6cf-9ce77fc1f16e
X-Download-Options: noopen
X-Runtime: 0.955425
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src 'self'; connect-src 'self' viewing.nyc *.viewing.nyc cdn.jsdelivr.net csi.gstatic.com pagead2.googlesyndication.com; font-src 'self' viewing.nyc *.viewing.nyc *.viewingnyc.dev fonts.gstatic.com data:; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https:; img-src 'self' viewing.nyc *.viewing.nyc *.viewingnyc.dev s3.amazonaws.com pagead2.googlesyndication.com *.amazon-adsystem.com *.ssl-images-amazon.com *.media-amazon.com *.assoc-amazon.com *.twimg.com *.twitter.com *.instagram.com *.facebook.com data:; manifest-src 'self'; media-src utoob.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' viewing.nyc *.viewing.nyc *.viewingnyc.dev *.googletagservices.com *.googleadservices.com *.googlesyndication.com adservice.google.com googleads.g.doubleclick.net *.amazon-adsystem.com *.twimg.com *.twitter.com *.instagram.com *.facebook.com *.facebook.net gleam.io js.gleam.io lightwidget.com *.lightwidget.com; style-src 'self' 'unsafe-inline' viewing.nyc *.viewing.nyc *.viewingnyc.dev *.twitter.com *.instagram.com *.facebook.com fonts.googleapis.com gleam.io *.gleam.io; upgrade-insecure-requests
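I would suggest that you remove the Content-Security-Policy header and the X-Permitted-Cross-Domain-Policies header. If you want AdSense to work properly, also remove crossdomain.xml.
This is not an ideal solution, but Google doesn't give a list of domains to allow in the Content Security Policy, and it changes every day, so for now it's best to avoid these headers.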
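Added example, not part of the original question or answer: a simplified check of which directives in the header quoted above permit a given third-party host, which helps when adjusting the policy per host. Matching ignores ports and paths, and `PAGE`, the helper names and the sample URLs are assumptions.

```python
from urllib.parse import urlsplit

# Directives copied unchanged from the Content-Security-Policy header quoted
# above; the header's remaining directives are omitted from this excerpt.
POLICY = (
    "default-src 'none'; child-src 'self'; frame-src 'self' https:; "
    "connect-src 'self' viewing.nyc *.viewing.nyc cdn.jsdelivr.net "
    "csi.gstatic.com pagead2.googlesyndication.com; "
    "script-src 'self' 'unsafe-inline' 'unsafe-eval' viewing.nyc *.viewing.nyc "
    "*.viewingnyc.dev *.googletagservices.com *.googleadservices.com "
    "*.googlesyndication.com adservice.google.com googleads.g.doubleclick.net "
    "*.amazon-adsystem.com *.twimg.com *.twitter.com *.instagram.com "
    "*.facebook.com *.facebook.net gleam.io js.gleam.io lightwidget.com "
    "*.lightwidget.com"
)
PAGE = "https://viewing.nyc"  # assumption: origin of the protected page
FALLBACK = {"frame-src": ["child-src", "default-src"]}  # others: default-src


def parse(policy):
    """Split a policy into {directive: [sources]}; first occurrence wins."""
    out = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            out.setdefault(tokens[0].lower(), tokens[1:])
    return out


def source_matches(src, url, page=PAGE):
    """Simplified source matching: scheme and host only, no ports or paths."""
    u, p = urlsplit(url), urlsplit(page)
    if src == "'self'":
        return (u.scheme, u.hostname, u.port) == (p.scheme, p.hostname, p.port)
    if src.startswith("'"):          # 'none', 'unsafe-inline', nonces, hashes
        return False
    if src.endswith(":"):            # scheme-source such as https: or data:
        return u.scheme == src[:-1]
    if src.startswith("*."):         # wildcard covers subdomains, not the apex
        return (u.hostname or "").endswith(src[1:])
    return src == "*" or u.hostname == src


def allowed(directive, url, policy=POLICY):
    """True if the directive (or its fallback) permits loading url."""
    parsed = parse(policy)
    for name in [directive] + FALLBACK.get(directive, ["default-src"]):
        if name in parsed:
            return any(source_matches(s, url) for s in parsed[name])
    return True  # no governing directive, so the policy does not restrict it
```

For this excerpt, `allowed("connect-src", "https://googleads.g.doubleclick.net/")` is false while the same host passes `frame-src` and `script-src`.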