且构网

How to fix the "Content Security Policy - contains an invalid source" error?

Updated: 2023-09-18 13:34:28

And the error only shows up when I load a subpage. I'm getting this error and I don't know why:
The source list for Content Security Policy directive 'script-src' contains an invalid source: ''strict-dynamic''. It will be ignored.

It's not an error, just a warning that your browser does not support the 'strict-dynamic' token (I guess you use Safari).

I guess that subpage is some Google iframe (OAuth2, reCAPTCHA, etc.). That iframe publishes its own CSP, which contains the 'strict-dynamic' token, and this CSP was created in browser backward-compatibility mode (Google makes such).

That's a warning from a third-party CSP, not yours.

Do the scripts that I have included work?

Your parent page has its own CSP, which allows scripts. The CSP of a nested browsing context (iframe) does not affect the parent page (except the frame-ancestors directive).

So what am I doing wrong?

Nothing. It's the intended regular operation of Content Security Policy.
Each browsing context can have its own CSP. But all warnings flow to one browser console, and that is misleading.
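
The backward-compatibility behaviour the answer refers to, as an added example that is not part of the original question or answer: a simplified model of how browsers at different CSP levels read the same `script-src` list, showing that a browser without 'strict-dynamic' support logs the warning and still enforces the remaining sources. The policy string, the placeholder nonce and the function name `evaluateScriptSrc` are assumptions made for illustration.

```javascript
// Added example: simplified model, not a full CSP parser.
// Constructed policy in the backward-compatible style; the nonce is a placeholder.
const POLICY = "default-src 'self'; script-src 'nonce-PLACEHOLDER' 'strict-dynamic' 'unsafe-inline' https:";

// Quoted sources first understood at each CSP level (subset, for illustration).
const KNOWN = {
  1: [/^'self'$/, /^'none'$/, /^'unsafe-inline'$/, /^'unsafe-eval'$/],
  2: [/^'nonce-[A-Za-z0-9+\/_=-]+'$/],
  3: [/^'strict-dynamic'$/],
};

// level: highest CSP level the modelled browser implements (1, 2 or 3).
function evaluateScriptSrc(policy, level) {
  const directive = policy.split(';')
    .map(d => d.trim().split(/\s+/))
    .find(tokens => tokens[0].toLowerCase() === 'script-src');
  if (!directive) return null;

  const known = [1, 2, 3].filter(l => l <= level).flatMap(l => KNOWN[l]);
  const warnings = [];
  const sources = [];
  for (const src of directive.slice(1)) {
    if (src.startsWith("'") && !known.some(re => re.test(src))) {
      // Same wording as the console message quoted in the question.
      warnings.push("The source list for Content Security Policy directive " +
        `'script-src' contains an invalid source: '${src}'. It will be ignored.`);
    } else {
      sources.push(src);
    }
  }

  const hasNonce = sources.some(s => s.startsWith("'nonce-"));
  const strictDynamic = sources.includes("'strict-dynamic'");
  return {
    warnings,
    nonceAccepted: hasNonce,
    // 'unsafe-inline' only counts when no nonce or 'strict-dynamic' was understood.
    inlineWithoutNonce: sources.includes("'unsafe-inline'") && !hasNonce && !strictDynamic,
    // Host and scheme sources are dropped once 'strict-dynamic' is understood.
    hostSources: strictDynamic ? [] : sources.filter(s => !s.startsWith("'")),
  };
}

for (const level of [1, 2, 3]) {
  console.log(`CSP level ${level}:`, evaluateScriptSrc(POLICY, level));
}
```

At level 2 the only effect of the unknown token is the console warning: the nonce still gates scripts and `https:` acts as the fallback allowlist.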