con*_*are 27 javascript ruby-on-rails adsense cross-domain cors
我正在SSL网站上成功投放谷歌广告,并正确设置CORS标题(并且大开)rack-cors:
Rails.configuration.middleware.insert_before 0, Rack::Cors do
allow do
origins '*'
resource '*', headers: :any, methods: :any
end
end
我可以通过卷曲调用确认标题是否存在:
$ curl -I https://viewing.nyc -H "Origin: https://foobar.com"
...
Access-Control-Allow-Origin: https://foobar.com
Access-Control-Allow-Methods: GET, HEAD, POST, PUT, PATCH, DELETE, OPTIONS
Access-Control-Max-Age: 1728000
...
如果您访问Chrome或Firefox,控制台中没有跨站点脚本错误,但在Safari上,有数千个错误.
Blocked a frame with origin "https://googleads.g.doubleclick.net" from accessing a frame with origin "https://viewing.nyc". Protocols, domains, and ports must match.
rack-cors到目前为止,我已经完成了问题页面,没有解决方案.为什么这只发生在Safari上,我该如何解决?
我认为添加内容安全策略标头应该对您有所帮助。
add_header Content-Security-Policy: script-src 'self' https://googleads.g.doubleclick.net
在这里阅读更多内容:-
https://developers.google.com/web/fundamentals/security/csp/
| 归档时间: |
|
| 查看次数: |
1458 次 |
| 最近记录: |