防止javascript表单提交到php服务器的内容安全策略
有人能帮我解决这个烦人的问题吗?我正在尝试向我的服务器提交条带表单。我的标题中有他们的链接防止javascript表单提交到php服务器的内容安全策略,javascript,content-security-policy,Javascript,Content Security Policy,有人能帮我解决这个烦人的问题吗?我正在尝试向我的服务器提交条带表单。我的标题中有他们的链接。每次我点击表单按钮,都不会发生任何事情,因为CSP阻止表单提交。看起来Firefox正在注入某种脚本?如何避开这个问题?我在本地主机上 控制台日志 Content Security Policy: The page’s settings blocked the loading of a resource at self (“script-src”). Source: try { (function in
。每次我点击表单按钮,都不会发生任何事情,因为CSP阻止表单提交。看起来Firefox正在注入某种脚本?如何避开这个问题?我在本地主机上
控制台日志
Content Security Policy: The page’s settings blocked the loading of a resource at self (“script-src”). Source: try {
(function injectPageScriptAPI(scr....
elements-inner-card-799faf0b7f6484028049b34fc28226d1.html:1
Content Security Policy: The page’s settings blocked the loading of a resource at self (“script-src”). Source: (function(){function _PostRPC() { // in....
elements-inner-card-799faf0b7f6484028049b34fc28226d1.html:1
Content Security Policy: The page’s settings blocked the loading of a resource at self (“script-src”). Source: try {
(function injectPageScriptAPI(scr....
controller-0d0fbe23aa60de208bc061dd4283db56.html:1
Content Security Policy: The page’s settings blocked the loading of a resource at self (“script-src”). Source: (function(){function _PostRPC() { // in....
controller-0d0fbe23aa60de208bc061dd4283db56.html:1
Content Security Policy: The page’s settings blocked the loading of a resource at self (“script-src”). Source: try {
var AG_onLoad=function(func){if(d....
controller-0d0fbe23aa60de208bc061dd4283db56.html:1
Content Security Policy: The page’s settings blocked the loading of a resource at self (“script-src”). Source: try {
var AG_onLoad=function(func){if(d....
elements-inner-card-799faf0b7f6484028049b34fc28226d1.html:1
Javascript
var stripe = Stripe('pk_test_test');
var elements = stripe.elements();
// Handle form submission
var form = document.getElementById('payment-form');
form.addEventListener('submitpayment', function(event) {
event.preventDefault();
stripe.createToken(card).then(function(result) {
if (result.error) {
// Inform the user if there was an error
var errorElement = document.getElementById('card-errors');
errorElement.textContent = result.error.message;
} else {
stripeTokenHandler(result.token);
}
});
});
// Send Stripe Token to Server
function stripeTokenHandler(token) {
// Insert the token ID into the form so it gets submitted to the server
var form = document.getElementById('payment-form');
// Add Stripe Token to hidden input
var hiddenInput = document.createElement('input');
hiddenInput.setAttribute('type', 'hidden');
hiddenInput.setAttribute('name', 'stripeToken');
hiddenInput.setAttribute('value', token.id);
form.appendChild(hiddenInput);
// Submit form
form.submit();
}
在这个特殊的例子中,是AdGuard FireFox插件导致了这个问题 其他资源:
- 看起来您正在运行AdGuard扩展(AG_onLoad),因此这很可能是罪魁祸首
- 这是一个很好的资源,但是_PostRPC调用在
.md文档中unexplained
- 看起来这可能与-显然FF对CSP的应用非常严格有关
HTH!棒极了,哈哈。我应该对此进行更多的研究。我看得太远了。你是否缩小了@GaryJ的附加问题?我为localhost启用了ad guard,它成功了。我忘了我已经运行了这个程序。很好!我会为其他开发者更新我的答案,并向CSP repo提交PR。我只是想确保这是相关的。Che呃!