
content-security-policy (CSP)

https://developers.google.com/web/fundamentals/security/csp/?hl=ko

Set in the HTTP response header, it lists the domains from which content may be used.

Instagram example:

content-security-policy: default-src * data: blob:;script-src .facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1: .spotilocal.com: 'unsafe-inline' 'unsafe-eval' .atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* .atlassolutions.com attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';
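A header like the one above can be split into directives and checked for permissive script sources. The following is an added example, not code from the original page; the function names, the set of flagged sources, and both sample policies are assumptions made for illustration, and nonce/hash sources are not modeled.

```javascript
// Split "directive src1 src2; directive2 ..." into a Map of name -> sources.
function parseCsp(headerValue) {
  const policy = new Map();
  for (const part of headerValue.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored by browsers; the first one wins.
    if (!policy.has(name)) policy.set(name, tokens.slice(1));
  }
  return policy;
}

// script-src falls back to default-src when it is absent.
function effectiveSources(policy, directive) {
  if (policy.has(directive)) return policy.get(directive);
  return policy.has('default-src') ? policy.get('default-src') : null;
}

// Return a list of findings for sources that weaken script restrictions.
function auditCsp(headerValue) {
  const policy = parseCsp(headerValue);
  const scriptSrc = effectiveSources(policy, 'script-src');
  if (scriptSrc === null) {
    return ['script-src: unrestricted (no script-src or default-src)'];
  }
  const findings = [];
  for (const src of scriptSrc) {
    const s = src.toLowerCase();
    if (s === "'unsafe-inline'") findings.push("script-src: 'unsafe-inline' permits inline scripts");
    else if (s === "'unsafe-eval'") findings.push("script-src: 'unsafe-eval' permits eval()");
    else if (s === '*') findings.push('script-src: * permits any host');
    else if (s === 'data:' || s === 'blob:') findings.push(`script-src: ${s} permits ${s} URLs as scripts`);
  }
  return findings;
}

// Constructed samples (shortened; modeled on the shape of the policy above).
const SAMPLE = "default-src * data: blob:; script-src 'self' *.example.com " +
  "'unsafe-inline' 'unsafe-eval' blob: data:; connect-src 'self'";
const STRICT = "default-src 'self'; script-src 'self' https://cdn.example.com";

for (const finding of auditCsp(SAMPLE)) console.log(finding);
console.log('strict policy findings:', auditCsp(STRICT).length);
```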


