如何解决Google Analytics sha384 完整性哈希不起作用
我的 jekyll 应用程序中有一个谷歌分析脚本,它突然停止捕获访问者信息。我已确定散列已弃用,并已包含以下错误消息:
<script async src="https://www.googletagmanager.com/gtag/js?id=XYZ" integrity="sha384-MY HASH" crossorigin="anonymous"></script>
<script>
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag('js',new Date());
gtag('config','UA-144775756-1');
</script>
在 Firefox 开发版中:
None of the “sha384” hashes in the integrity attribute match the content of the subresource.
在 Chrome 中:
GET https://www.googletagmanager.com/gtag/js?id=XYZ net::ERR_BLOCKED_BY_CLIENT
出于安全原因,我无法删除完整性哈希,我需要这些分析。
我曾尝试通过 https://www.srihash.org/ 更改完整性哈希,但不幸的是没有真正改变。
<Meta http-equiv="Content-Security-Policy" content="default-src 'self' https://www.googletagmanager.com">
Refused to execute inline script because it violates the following Content Security Policy directive: "default-src 'self' https://www.googletagmanager.com". Either the 'unsafe-inline' keyword,a hash ('sha256-UVGwFlokk48rx16gP58wsQf8mf94VqVbcJorUyG9iug='),or a nonce ('nonce-...') is required to enable inline execution. Note also that 'script-src' was not explicitly set,so 'default-src' is used as a fallback.
Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'self' https://www.googletagmanager.com". Either the 'unsafe-inline' keyword,a hash ('sha256-biLFinpqYMtWHmXfkA1BPeCY0/fNt46SAZ+BBk5YUog='),or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers,style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present. Note also that 'style-src' was not explicitly set,so 'default-src' is used as a fallback.
更新:
我能够使用 this solution 修复 CSP 错误,但 sha384 哈希的原始问题仍然存在。
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。
