4

I have tried this with Helmet version 4.4.1; for the upgrade-insecure-requests CSP, both of these set it to true:

upgradeInsecureRequests: [] and upgradeInsecureRequests: ['true']

Which of the above formats is the correct one to use?

4

3 Answers

1

This worked for me:

app.use(
    helmet.contentSecurityPolicy({
        directives: {
            "script-src": ["'self'"],
            upgradeInsecureRequests: null
        },
    })
);

Set upgradeInsecureRequests to null:

upgradeInsecureRequests: null
Answered 2022-01-14T18:24:11.427
0

This worked for me:

const defaultDirectives = helmet.contentSecurityPolicy.getDefaultDirectives();
delete defaultDirectives['upgrade-insecure-requests'];

app.use( helmet() );
app.use(helmet.contentSecurityPolicy({
  directives: {
    ...defaultDirectives,
  },
}));

The delete part removes upgrade-insecure-requests from the defaultDirectives object.

Answered 2021-05-18T04:48:00.120
0

Solved: we can simply add upgradeInsecureRequests: []

Answered 2021-03-15T06:48:57.433
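
To confirm what a given configuration actually sends, inspect the Content-Security-Policy response header. The following is an added example, not code from the question or any of the answers: it parses a header value and reports whether upgrade-insecure-requests is present and whether it carries a value, which the directive's grammar does not define. The function names and the sample header strings are constructed for illustration.

```javascript
// Added example: parse a Content-Security-Policy header value and report on
// upgrade-insecure-requests. Function names and sample headers are constructed.

// Parse one serialized policy into a Map of directive name -> array of values.
function parsePolicy(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue; // empty segment, e.g. trailing ";"
    const name = tokens[0].toLowerCase(); // directive names are case-insensitive
    // CSP keeps the first occurrence of a directive and ignores duplicates.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// A header value may carry several comma-separated policies; check each one.
function checkUpgradeInsecureRequests(headerValue) {
  return headerValue.split(",").map((policy) => {
    const values = parsePolicy(policy).get("upgrade-insecure-requests");
    const present = values !== undefined;
    return {
      present,
      // The directive is defined with an empty value; any token after the
      // name points at a configuration mistake worth fixing.
      unexpectedValue: present && values.length > 0 ? values.join(" ") : null,
    };
  });
}

// Constructed sample header values (not captured from a real server).
const samples = [
  "default-src 'self'; upgrade-insecure-requests",
  "script-src 'self'; upgrade-insecure-requests true",
  "script-src 'self'",
];
for (const header of samples) {
  console.log(header, "=>", JSON.stringify(checkUpgradeInsecureRequests(header)));
}
```

Feed it the header value copied from the browser's network panel or from `curl -sI` output to see which of the configurations above reaches the client.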