CSP: img-src

Baseline Widely available

This feature is well established and works across many devices and browser versions. It’s been available across browsers since August 2016.

The HTTP Content-Security-Policy: img-src directive specifies valid sources for images and favicons.

CSP version: 1
Directive type: Fetch directive
default-src fallback: Yes. If this directive is absent, the user agent will look for the default-src directive.

Syntax

One or more sources can be allowed for the img-src policy.

Content-Security-Policy: img-src <source>;
Content-Security-Policy: img-src <source> <source>;

Sources

<source> can be any one of the values listed in CSP Source Values.

Note that this same set of values can be used in all fetch directives (and a number of other directives).

Examples

Violation cases

Given this CSP header:

Content-Security-Policy: img-src https://example.com/

The following <img> element is blocked and won't load:

<img src="https://not-example.com/foo.jpg" alt="example picture" />
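
The check behind this violation, including the default-src fallback described above, can be modelled in a few lines. This is an added example, not code from the original page or from any browser; the function names (effectiveImgSources, matchesSource, imgAllowed) are hypothetical, and the matching is a simplified subset of the CSP source-matching rules.

```javascript
// Simplified model of the img-src check: handles 'none', '*', 'self', scheme-sources
// and host-sources. Nonces, hashes, redirects and percent-decoding are out of scope.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

function effectiveImgSources(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const [name, ...values] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    // The first occurrence of a directive wins; later duplicates are ignored.
    if (key && !directives.has(key)) directives.set(key, values);
  }
  // img-src falls back to default-src; null means images are unrestricted.
  return directives.get("img-src") ?? directives.get("default-src") ?? null;
}

function matchesSource(source, url, pageOrigin) {
  const s = source.toLowerCase();
  if (s === "'none'") return false;
  if (s === "'self'") return url.origin === pageOrigin;
  // The wildcard covers network schemes only, so data: needs its own entry.
  if (s === "*") return url.protocol === "http:" || url.protocol === "https:";
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) {
    return url.protocol === s || (s === "http:" && url.protocol === "https:");
  }
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^\/:]+)(?::(\d+|\*))?(\/.*)?$/i.exec(source);
  if (!m) return false;
  const [, scheme, host, port, path] = m;
  const wanted = scheme ? scheme.toLowerCase() + ":" : new URL(pageOrigin).protocol;
  if (url.protocol !== wanted && !(wanted === "http:" && url.protocol === "https:")) return false;
  const h = host.toLowerCase();
  // "*.example.com" matches subdomains only; anything else must be the exact host,
  // so "not-example.com" never satisfies "example.com".
  const hostOk = h.startsWith("*.") ? url.hostname.endsWith(h.slice(1)) : url.hostname === h;
  if (!hostOk) return false;
  const urlPort = url.port || DEFAULT_PORTS[url.protocol];
  if (port !== "*" && (port ?? DEFAULT_PORTS[url.protocol]) !== urlPort) return false;
  if (!path) return true;
  // A path ending in "/" is a prefix; any other path must match exactly.
  return path.endsWith("/") ? url.pathname.startsWith(path) : url.pathname === path;
}

function imgAllowed(policy, imageUrl, pageOrigin) {
  const sources = effectiveImgSources(policy);
  if (sources === null) return true;
  const url = new URL(imageUrl);
  return sources.some((src) => matchesSource(src, url, pageOrigin));
}
```

When img-src is present it replaces default-src for images rather than extending it, so a policy such as default-src 'self'; img-src https://cdn.example.net blocks same-origin images.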

Specifications

Specification
Content Security Policy Level 3
# directive-img-src


See also