防止javascript表单提交到php服务器的内容安全策略
防止javascript表单提交到php服务器的内容安全策略
提问于 2018-06-07 05:13:59
有没有人能帮我解决这个烦人的问题?我正在尝试向我的服务器提交一个条带表单。我在我的头<script src="https://js.stripe.com/v3/"></script>中有他们的链接。每次我点击表单按钮时,没有任何反应,因为CSP阻止表单提交。看起来像是Firefox在注入某种脚本?如何解决这个问题?我在本地主机上。
控制台日志
Content Security Policy: The page’s settings blocked the loading of a resource at self (“script-src”). Source: try {
(function injectPageScriptAPI(scr....
elements-inner-card-799faf0b7f6484028049b34fc28226d1.html:1
Content Security Policy: The page’s settings blocked the loading of a resource at self (“script-src”). Source: (function(){function _PostRPC() { // in....
elements-inner-card-799faf0b7f6484028049b34fc28226d1.html:1
Content Security Policy: The page’s settings blocked the loading of a resource at self (“script-src”). Source: try {
(function injectPageScriptAPI(scr....
controller-0d0fbe23aa60de208bc061dd4283db56.html:1
Content Security Policy: The page’s settings blocked the loading of a resource at self (“script-src”). Source: (function(){function _PostRPC() { // in....
controller-0d0fbe23aa60de208bc061dd4283db56.html:1
Content Security Policy: The page’s settings blocked the loading of a resource at self (“script-src”). Source: try {
var AG_onLoad=function(func){if(d....
controller-0d0fbe23aa60de208bc061dd4283db56.html:1
Content Security Policy: The page’s settings blocked the loading of a resource at self (“script-src”). Source: try {
var AG_onLoad=function(func){if(d....
elements-inner-card-799faf0b7f6484028049b34fc28226d1.html:1Javascript
var stripe = Stripe('pk_test_test');
var elements = stripe.elements();
// Handle form submission
var form = document.getElementById('payment-form');
form.addEventListener('submitpayment', function(event) {
event.preventDefault();
stripe.createToken(card).then(function(result) {
if (result.error) {
// Inform the user if there was an error
var errorElement = document.getElementById('card-errors');
errorElement.textContent = result.error.message;
} else {
stripeTokenHandler(result.token);
}
});
});
// Send Stripe Token to Server
function stripeTokenHandler(token) {
// Insert the token ID into the form so it gets submitted to the server
var form = document.getElementById('payment-form');
// Add Stripe Token to hidden input
var hiddenInput = document.createElement('input');
hiddenInput.setAttribute('type', 'hidden');
hiddenInput.setAttribute('name', 'stripeToken');
hiddenInput.setAttribute('value', token.id);
form.appendChild(hiddenInput);
// Submit form
form.submit();
}回答 1
Stack Overflow用户
回答已采纳
发布于 2018-06-07 05:32:15
在这种情况下,是AdGuard FireFox附加组件导致了这个问题。
更多资源:
- 看起来您正在运行AdGuard扩展(AG_onLoad,Google Search,因此这可能是罪魁祸首
- 此CSP Github Page是一个很棒的资源,但_PostRPC调用位于
unexplained.md文档中。 - 它看起来可能与<代码>C9有关-显然FF有非常严格的CSP应用<代码>H210<代码>F211
如果您禁用所有附加组件,您能验证它是否正常工作吗?
哈!
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/50729708
复制相关文章
相似问题