I tried this with Helmet version 4.4.1. For the upgrade-insecure-requests CSP directive, both of these set it to true:

    upgradeInsecureRequests: []
    upgradeInsecureRequests: ['true']

Which of the formats above is the correct one to use?

This worked for me:

    app.use(
      helmet.contentSecurityPolicy({
        directives: {
          "script-src": ["'self'"],
          // null turns the upgrade-insecure-requests directive off
          upgradeInsecureRequests: null,
        },
      })
    );

Set upgradeInsecureRequests to null:

    upgradeInsecureRequests: null

This worked for me:

    // Start from Helmet's default CSP directives and drop the one we don't want
    const defaultDirectives = helmet.contentSecurityPolicy.getDefaultDirectives();
    delete defaultDirectives['upgrade-insecure-requests'];

    app.use(helmet());
    app.use(helmet.contentSecurityPolicy({
      directives: {
        ...defaultDirectives,
      },
    }));

The delete part removes the upgrade-insecure-requests key from the defaultDirectives object.

Solved: we can simply add upgradeInsecureRequests: []
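
Whichever form is used, the result can be confirmed by inspecting the Content-Security-Policy header the server actually sends. The following is an added example, not code from any of the posts above: it parses a header value and reports whether upgrade-insecure-requests is present and whether it carries extra tokens. The helper names `parseCsp` and `checkUpgradeInsecureRequests` are hypothetical, and the header strings are constructed samples, not captured Helmet output.

```javascript
// Added example. The upgrade-insecure-requests directive is defined without
// a value, so the expected serialized form is the bare directive name.

// Parse a serialized policy into a Map of directive name -> array of tokens.
// Follows the CSP parsing rules: split on ";", lowercase the name, and keep
// only the first occurrence when a directive is repeated.
function parseCsp(headerValue) {
  const directives = new Map();
  for (const part of headerValue.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue; // empty segment, e.g. trailing ";"
    const name = tokens[0].toLowerCase();
    if (directives.has(name)) continue; // later duplicates are ignored
    directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Report how upgrade-insecure-requests appears in a header value.
function checkUpgradeInsecureRequests(headerValue) {
  const tokens = parseCsp(headerValue).get("upgrade-insecure-requests");
  if (tokens === undefined) return { present: false, extraTokens: [] };
  return { present: true, extraTokens: tokens };
}

// Constructed sample header values (not real server output).
const samples = {
  bare: "default-src 'self'; script-src 'self'; upgrade-insecure-requests",
  withToken: "default-src 'self'; upgrade-insecure-requests true",
  absent: "default-src 'self'; script-src 'self'",
};

for (const [label, header] of Object.entries(samples)) {
  console.log(label, checkUpgradeInsecureRequests(header));
}
```

To check a running application, pass the value of the response's Content-Security-Policy header to `checkUpgradeInsecureRequests`.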