Ryan Goodwill

> 代码中应该没有不安全的脚本，有什么方案可以复现你的 case 的么 当反向代理nginx包含了以下安全内容时可触发，发往服务端的聊天请求全部被浏览器本地拦截： security.conf \# security headers add_header X-XSS-Protection "1; mode=block" always; add_header X-Content-Type-Options "nosniff" always; add_header Referrer-Policy "no-referrer-when-downgrade" always; add_header Content-Security-Policy "default-src 'self' http: https: ws: wss:...

> 代码中应该没有不安全的脚本，有什么方案可以复现你的 case 的么 我再次进行了测试，问题出在： add_header Content-Security-Policy "default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';" always;

Could you provide more details? This feature seems to be working fine on my end.