search

Home  >  Q&A  >  body text

nginx configures Content-Security-Policy and Font is killed

Some inexplicable things are inserted into the web page. For some reason, https cannot be turned on. If you decide to use Content-Security-Policy.
This is the Content-Security-Policy configuration on the nginx server side

Then the browser checks that Font has been killed, and I don’t know what to do.

曾经蜡笔没有小新曾经蜡笔没有小新2751 days ago790

reply all(1)I'll reply

  • 習慣沉默

    習慣沉默2017-05-16 17:17:15

    Server-->Network-->User browser. The server is correct and the browser is correct. Some inexplicable things are inserted into web pages, and someone inserts and modifies data during network transmission (common ones include DNS hijacking and HTTP traffic hijacking). HTTP is a clear text protocol, so it is very common to be hijacked.
    Finally, you added a controlled HTTP HEADER, which can be easily deleted by others. As for the picture you attached in the question, I couldn't see it clearly, so I didn't use it as a reference (it may be more appropriate to use HAR files later).

    reply
    0
  • Cancelreply