Web refused to execute inline script because it violates the Content Security Policy (PrimeFaces 8)
Tags: web, jsf, primefaces, content-security-policy

Environment:
- Java 11
- JBoss 7.2
- PrimeFaces 8
- JSF 2.3

I am trying to update a combobox with an ajax render event, but the page does not update the combobox and this error appears. How can I solve this?

Error in the JS console:
Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'nonce-ZGRkM2ZjYTAtNzE3MC00MmU4LWE4YmMtOWNmYjUyNjYyMTNh'". Either the 'unsafe-inline' keyword, a hash ('sha256-PoJBY0XvVwb+v60hF7CQr9zfBAfr3HAsK3P9TEKUqGs='), or a nonce ('nonce-...') is required to enable inline execution.
runScript @ jsf.js.xhtml?ln=javax.faces:1
runScripts @ jsf.js.xhtml?ln=javax.faces:1
doUpdate @ jsf.js.xhtml?ln=javax.faces:1
response @ jsf.js.xhtml?ln=javax.faces:1
onComplete @ jsf.js.xhtml?ln=javax.faces:1
AjaxEngine.req.xmlReq.onreadystatechange @ jsf.js.xhtml?ln=javax.faces:1
web.xml
...
<!--Primefaces Content Security Policy-->
<context-param>
<param-name>primefaces.CSP</param-name>
<param-value>true</param-value>
</context-param>
...
face.xhtml
...
<p:selectOneMenu id="cbxOrganisme" value="#{userBean.selected.organism}"
valueChangeListener="#{userBean.onChangeOrganism}"
converter="vTableConverter" filter="true"
rendered="true" required="true" style="width: 90%;">
<f:ajax event="change" execute="@this" listener="#{userBean.onChangeOrganism}" render="cbxCenter"/>
<f:selectItem itemLabel="#{messages['seleccionar']}" itemValue="" noSelectionOption="true"/>
<f:selectItems value="#{userBean.organisms}" var="organism"
itemLabel="#{sessionBean.localeCode eq 'ca'? organism.nomCA:organism.nomES}"
itemValue="#{organism}"/>
</p:selectOneMenu>
...
web.html
<html><head id="j_idt2">
<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE9">
<meta http-equiv="Content-Type" content="text/xhtml; charset=UTF-8">
<meta http-equiv="Cache-Control" content="no-cache">
<meta http-equiv="Pragma" content="no-cache">
<title>Govern de les Illes Balears - APP
</title><link type="text/css" rel="stylesheet" href="/APP2/javax.faces.resource/theme.css.xhtml?ln=primefaces-bootstrap">
<link type="text/css" rel="stylesheet" href="/APP2/javax.faces.resource/fa/font-awesome.css.xhtml?ln=primefaces&v=8.0">
<link type="text/css" rel="stylesheet" href="/APP2/javax.faces.resource/govern-ie.css.xhtml?ln=css">
<link type="text/css" rel="stylesheet" href="/APP2/javax.faces.resource/buttons.css.xhtml?ln=css">
<link type="text/css" rel="stylesheet" href="/APP2/javax.faces.resource/components.css.xhtml?ln=primefaces&v=8.0">
<script type="text/javascript" src="/APP2/javax.faces.resource/jquery/jquery.js.xhtml?ln=primefaces&v=8.0" nonce="">
</script><script type="text/javascript" src="/APP2/javax.faces.resource/jquery/jquery-plugins.js.xhtml?ln=primefaces&v=8.0" nonce="">
</script><script type="text/javascript" src="/APP2/javax.faces.resource/core.js.xhtml?ln=primefaces&v=8.0" nonce=""></script>
<script type="text/javascript" src="/APP2/javax.faces.resource/components.js.xhtml?ln=primefaces&v=8.0" nonce=""></script>
<script type="text/javascript" src="/APP2/javax.faces.resource/idlemonitor/idlemonitor.js.xhtml?ln=primefaces&v=8.0" nonce=""></script>
<script type="text/javascript" src="/APP2/javax.faces.resource/touch/touchswipe.js.xhtml?ln=primefaces&v=8.0" nonce=""></script>
<link type="text/css" rel="stylesheet" href="/APP2/javax.faces.resource/fileupload/fileupload.css.xhtml?ln=primefaces&v=8.0">
<script type="text/javascript" src="/APP2/javax.faces.resource/fileupload/fileupload.js.xhtml?ln=primefaces&v=8.0" nonce=""></script>
<script type="text/javascript" src="/APP2/javax.faces.resource/jsf.js.xhtml?ln=javax.faces" nonce=""></script>
<script type="text/javascript" nonce="">if(window.PrimeFaces){PrimeFaces.settings.locale='ca';}</script><script type="text/javascript" nonce="">$(function(){PrimeFaces.csp.init('ZTFhYjQ3MDItYzM5Yy00MGU5LWE2NDEtZDFjMTExNDEzMWU4');;});</script>
<script async="async" src="https://www.googletagmanager.com/gtag/js?id=UA-133688930-1" nonce=""></script>
<script nonce="">
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag('js', new Date());
gtag('config', 'UA-133688930-1');
function redirectPrincipal() {
let context = "APP/";
let mainPage = "principal.xhtml";
let url = window.location.href;
if (url.endsWith(context)) {
window.location.replace(url + "principal.xhtml");
}
}
redirectPrincipal();
</script>
<link rel="SHORTCUT ICON" href="http://www.name.es/webname/favicon.ico"><script type="text/javascript" src="/APP2/javax.faces.resource/calendar-localization.js.xhtml?ln=js" nonce=""></script>
<script type="text/javascript" src="/APP2/javax.faces.resource/functions.js.xhtml?ln=js" nonce=""></script>
<meta name="description" content="APP. Versió: 8.0.0-">
<meta name="author" content="Govern de les Illes Balears"></head>
<body>
...
</body>
</html>
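Currently, CSP cannot be used in combination with all Faces implementations/versions. MyFaces supports it starting with 2.3-next (which will become 4.0), while Mojarra does not support it in general:
As a workaround, you can always use.

According to the error, you are using f:ajax on your page instead of p:ajax. See here: this is a known limitation; it does not work with f:ajax.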
I am in the middle of a migration and had not seen this yet, thanks!
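The console error in the question names three ways an inline script can satisfy script-src: a matching nonce, a matching hash, or 'unsafe-inline'. The added example below (not part of the original question or answers) models that decision in JavaScript for Node.js, showing why a script evaluated from an ajax response without the page's nonce is refused. The function names and the sample script body are constructed for illustration; the policy string is the one from the error message, and default-src fallback is not modelled.

```javascript
const { createHash } = require('crypto');

// Policy and nonce copied from the console error on this page.
const PAGE_NONCE = 'ZGRkM2ZjYTAtNzE3MC00MmU4LWE4YmMtOWNmYjUyNjYyMTNh';
const POLICY = `script-src 'self' 'nonce-${PAGE_NONCE}'`;
// Constructed sample: a script body delivered inside an ajax partial response.
const AJAX_SCRIPT = "document.getElementById('cbxCenter').dataset.ready = '1';";

// Return the source expressions of the script-src directive, or null if absent.
function scriptSrcSources(policy) {
  for (const directive of policy.split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'script-src') return sources;
  }
  return null;
}

// Build the 'sha256-<base64>' source expression for an inline script body.
function sha256Source(code) {
  return `'sha256-${createHash('sha256').update(code, 'utf8').digest('base64')}'`;
}

// Decide whether an inline script { nonce, code } may execute under the policy.
function inlineScriptVerdict(policy, script) {
  const sources = scriptSrcSources(policy);
  if (sources === null) return { allowed: true, reason: 'no script-src directive' };
  if (script.nonce && sources.includes(`'nonce-${script.nonce}'`))
    return { allowed: true, reason: 'nonce matches' };
  if (sources.includes(sha256Source(script.code)))
    return { allowed: true, reason: 'hash matches' };
  // Browsers ignore 'unsafe-inline' as soon as a nonce or hash source is listed.
  const hasNonceOrHash = sources.some((s) => /^'(nonce|sha(256|384|512))-/.test(s));
  const unsafeInline = sources.some((s) => s.toLowerCase() === "'unsafe-inline'");
  if (unsafeInline && !hasNonceOrHash) return { allowed: true, reason: "'unsafe-inline'" };
  return { allowed: false, reason: 'no matching nonce or hash' };
}

// Verdicts for a nonce-bearing page script and for the same body without a nonce.
function demo() {
  return {
    pageScript: inlineScriptVerdict(POLICY, { nonce: PAGE_NONCE, code: AJAX_SCRIPT }),
    ajaxScript: inlineScriptVerdict(POLICY, { nonce: '', code: AJAX_SCRIPT }),
    ajaxWithHash: inlineScriptVerdict(`${POLICY} ${sha256Source(AJAX_SCRIPT)}`,
      { nonce: '', code: AJAX_SCRIPT }),
  };
}
```

Adding 'unsafe-inline' to this policy would not change the verdict for the nonce-less script, because the nonce source is still present; only a matching nonce or hash does.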