【发布时间】:2018-11-05 09:58:15
【问题描述】:
我使用托管在 Github Pages 上的 Jekyll 构建了一个网站:
杰基尔_config.yml:
# Comments
disqus_shortname: bad3r
_layout/post.html中的Disqus配置:
<div class="comments-wrapper">
<div id="disqus_thread"></div>
<script>
/**
* RECOMMENDED CONFIGURATION VARIABLES: EDIT AND UNCOMMENT THE SECTION BELOW TO INSERT DYNAMIC VALUES FROM YOUR PLATFORM OR CMS.
* LEARN WHY DEFINING THESE VARIABLES IS IMPORTANT: https://disqus.com/admin/universalcode/#configuration-variables
*/
var disqus_config = function() {
this.page.url = '{{ absolute_url }}{{ page.url }}'; /*Replace PAGE_URL with your page's canonical URL variable*/
this.page.identifier = '{{ page.url }}'; /*Replace PAGE_IDENTIFIER with your page's unique identifier variable*/
};
(function() { /* dont endit below this line */
var d = document,
s = d.createElement('script');
/* https://bad3r.disqus.com/embed.js */
/* 'https://{{ site.disqus_shortname }}.disqus.com/embed.js' */
s.src = 'https://{{ site.disqus_shortname }}.disqus.com/embed.js';
s.setAttribute('data-timestamp', +new Date());
(d.head || d.body).appendChild(s);
})();
</script>
<noscript>Please enable JavaScript to view the <a href="https://disqus.com/?ref_noscript" rel="nofollow">comments powered by Disqus.</a></noscript>
</div>
<!-- /.comments-wrapper -->
我在 Jekyll front-matter 帖子中启用了 cmets:
---
layout: post
title: "Welcome to my new blog"
date: 2018-05-25
excerpt: "working on building my blog, here is an example post"
image: "/images/workProgress.jpg"
comments: true
---
链接到disque显示错误消息here的帖子,github上的代码here
如果您在页面上打开控制台,您将看到错误:
Content Security Policy: The page’s settings blocked the loading of a resource at self (“script-src”).
当我第一次遇到错误时,我没有内容安全策略 但我尝试实现一个,并在_includes/head.html 中添加了 CSP:
<!-- CSP(Content Security Policy) -->
<META HTTP-EQUIV='Content-Security-Policy' CONTENT="default-src 'self' ; script-src 'self' 'unsafe-inline' *.disqus.com a.disquscdn.com requirejs.org www.google-analytics.com; style-src 'self' 'unsafe-inline' a.disquscdn.com; img-src 'self' *; media-src 'self' ; frame-src disqus.com;">
_includes/head.html 包含在所有 _layouts/*.html 的开头
我不知道为什么还会出现这个错误。
【问题讨论】:
标签: javascript html jekyll github-pages content-security-policy