最近给BookstackAPP( [链接登录后可见] )添加了Google广告,但是发现一直不显示。
最后通过F12查看到如下错误提示:
because it violates the following Content Security Policy directive: "frame-src 'self'
从官方文档中找到了如下解释:
默认情况下,BookStack 将只允许将某些其他主机用作src应用程序内嵌入 iframe/frame 内容的值。这是通过CSP: frame-src标头完成的。ALLOWED_IFRAME_SOURCES您可以通过在文件中设置一个选项来配置受信任的来源列表
解决办法
修改.env
# Adding a single host
ALLOWED_IFRAME_SOURCES="https://example.com"
# Multiple hosts can be separated with a space
ALLOWED_IFRAME_SOURCES="https://a.example.com https://b.example.com"
# Allow all sources
# This opens vulnerability risk and should only be done in secure & trusted environments.
ALLOWED_IFRAME_SOURCES="*"