
CSP fetch directives are used in a Content-Security-Policy header and control the locations from which certain resource types may be loaded. For instance, script-src lets developers specify trusted sources of script that may execute on a page, while font-src controls the sources of web fonts.

All fetch directives fall back to default-src. That means, if a fetch directive is absent in the CSP header, the user agent will look for the default-src directive.

List of CSP fetch directives

child-src
Defines the valid sources for web workers and nested browsing contexts loaded using elements such as <frame> and <iframe>.

Instead of child-src, authors who wish to regulate nested browsing contexts and workers should use the frame-src and worker-src directives, respectively.

connect-src
Restricts the URLs which can be loaded using script interfaces.
default-src
Serves as a fallback for the other fetch directives.
font-src
Specifies valid sources for fonts loaded using @font-face.
frame-src
Specifies valid sources for nested browsing contexts loaded using elements such as <frame> and <iframe>.
img-src
Specifies valid sources of images and favicons.
manifest-src
Specifies valid sources of application manifest files.
media-src
Specifies valid sources for loading media using the <audio>, <video> and <track> elements.
object-src
Specifies valid sources for the <object>, <embed>, and <applet> elements.
Elements controlled by object-src are perhaps coincidentally considered legacy HTML elements and are not receiving new standardized features (such as the security attributes sandbox or allow for <iframe>). Therefore it is recommended to restrict this fetch directive (e.g. explicitly set object-src 'none' if possible).
prefetch-src
Specifies valid sources to be prefetched or prerendered.
script-src
Specifies valid sources for JavaScript.
script-src-elem
Specifies valid sources for JavaScript <script> elements.
script-src-attr
Specifies valid sources for JavaScript inline event handlers.
style-src
Specifies valid sources for stylesheets.
style-src-elem
Specifies valid sources for stylesheet <style> elements and <link> elements with rel="stylesheet".
style-src-attr
Specifies valid sources for inline styles applied to individual DOM elements.
worker-src
Specifies valid sources for Worker, SharedWorker, or ServiceWorker scripts.
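
The fallback rule described above means an absent directive is not the same as an unrestricted one, which is easy to misread when reviewing a policy. The following is an added example, not part of the original page: it resolves which directive actually governs each resource type in a header value. It goes slightly beyond the text by also checking the intermediate fallbacks defined in CSP Level 3 (for example script-src-elem to script-src) before default-src; the function names and the sample policy are constructed for illustration.

```javascript
// Added example: resolve the effective source list for each fetch directive.
const FETCH_DIRECTIVES = [
  "child-src", "connect-src", "default-src", "font-src", "frame-src", "img-src",
  "manifest-src", "media-src", "object-src", "prefetch-src", "script-src",
  "script-src-elem", "script-src-attr", "style-src", "style-src-elem",
  "style-src-attr", "worker-src",
];

// Intermediate fallbacks from CSP Level 3, tried before default-src.
const INTERMEDIATE = {
  "script-src-elem": ["script-src"],
  "script-src-attr": ["script-src"],
  "style-src-elem": ["style-src"],
  "style-src-attr": ["style-src"],
  "frame-src": ["child-src"],
  "worker-src": ["child-src", "script-src"],
};

// Parse a header value into a Map of directive name -> source list.
function parsePolicy(header) {
  const policy = new Map();
  for (const part of header.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (!name) continue;
    const key = name.toLowerCase(); // directive names are case-insensitive
    if (!policy.has(key)) policy.set(key, sources); // duplicates are ignored
  }
  return policy;
}

// Return which directive governs `directive` and the sources it allows.
function effectiveSources(policy, directive) {
  const chain = [directive, ...(INTERMEDIATE[directive] || []), "default-src"];
  for (const name of chain) {
    if (policy.has(name)) return { from: name, sources: policy.get(name) };
  }
  return { from: null, sources: null }; // nothing applies: type is unrestricted
}

// Report every fetch directive, flagging object-src that is not 'none'.
function auditPolicy(header) {
  const policy = parsePolicy(header);
  return FETCH_DIRECTIVES.filter((d) => d !== "default-src").map((d) => {
    const { from, sources } = effectiveSources(policy, d);
    const isNone = sources !== null && sources.join(" ").toLowerCase() === "'none'";
    return { directive: d, from, sources, warn: d === "object-src" && !isNone };
  });
}

// Constructed sample policy.
const SAMPLE = "default-src 'self'; script-src 'self' https://cdn.example; object-src 'none'";
```

Calling `auditPolicy(SAMPLE)` returns one row per fetch directive; a row whose `from` is `null` marks a resource type the policy does not restrict at all.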

Document tags and contributors

Contributors to this page: bershanskiy, mfuji09, Sheppy, mdnwebdocs-bot, Malvoz, fscholz
Last updated by: bershanskiy