CSP fetch directives are used in a Content-Security-Policy header and control the locations from which certain resource types may be loaded. For instance, script-src lets developers specify trusted sources from which scripts may execute on a page, while font-src controls the sources of web fonts.

All fetch directives fall back to default-src. That is, if a fetch directive is absent from the CSP header, the user agent looks for the default-src directive instead.

List of CSP fetch directives

child-src
Defines the valid sources for web workers and nested browsing contexts loaded using elements such as <frame> and <iframe>.

Instead of child-src, authors who wish to regulate nested browsing contexts and workers should use the frame-src and worker-src directives, respectively.

connect-src
Restricts the URLs which can be loaded using script interfaces.
default-src
Serves as a fallback for the other fetch directives.
font-src
Specifies valid sources for fonts loaded using @font-face.
frame-src
Specifies valid sources for nested browsing contexts loaded using elements such as <frame> and <iframe>.
img-src
Specifies valid sources of images and favicons.
manifest-src
Specifies valid sources of application manifest files.
media-src
Specifies valid sources for loading media using the <audio>, <video> and <track> elements.
object-src
Specifies valid sources for the <object>, <embed>, and <applet> elements.
Elements controlled by object-src are perhaps coincidentally considered legacy HTML elements and are not receiving new standardized features (such as the security attributes sandbox or allow for <iframe>). Therefore, it is recommended to restrict this fetch directive (e.g. explicitly set object-src 'none' if possible).
prefetch-src
Specifies valid sources to be prefetched or prerendered.
script-src
Specifies valid sources for JavaScript.
script-src-elem
Specifies valid sources for JavaScript <script> elements.
script-src-attr
Specifies valid sources for JavaScript inline event handlers.
style-src
Specifies valid sources for stylesheets.
style-src-elem
Specifies valid sources for stylesheet <style> elements and <link> elements with rel="stylesheet".
style-src-attr
Specifies valid sources for inline styles applied to individual DOM elements.
worker-src
Specifies valid sources for Worker, SharedWorker, or ServiceWorker scripts.
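
The fallback rule and the object-src recommendation above, as an added example (not code from this page or its authors): it parses a policy, reports which directive actually governs each fetch type, and flags gaps. It goes beyond the single default-src fallback stated above by including the intermediate fallbacks defined in CSP Level 3 (for example script-src-elem to script-src); the function names and the sample policy are constructed for illustration.

```javascript
// Added example: which directive's source list governs each fetch type.
// Intermediate fallbacks follow CSP Level 3; every chain ends at default-src.
const FALLBACK = {
  "script-src-elem": ["script-src"], "script-src-attr": ["script-src"],
  "style-src-elem": ["style-src"], "style-src-attr": ["style-src"],
  "worker-src": ["child-src", "script-src"], "frame-src": ["child-src"],
};
const FETCH_DIRECTIVES = [
  "child-src", "connect-src", "font-src", "frame-src", "img-src",
  "manifest-src", "media-src", "object-src", "prefetch-src", "script-src",
  "script-src-elem", "script-src-attr", "style-src", "style-src-elem",
  "style-src-attr", "worker-src",
];
// Constructed sample policy (hypothetical host, duplicate directive on purpose).
const SAMPLE =
  "default-src 'self'; script-src https://cdn.example; SCRIPT-SRC *; worker-src 'none'";

// Parse a serialized policy into Map(name -> [source expressions]).
// Names are case-insensitive; a repeated directive is ignored (first wins).
function parsePolicy(header) {
  const policy = new Map();
  for (const part of header.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (!policy.has(name)) policy.set(name, tokens.slice(1));
  }
  return policy;
}

// Return { from, sources } for the directive that applies, or null when
// nothing in the chain is set (that fetch type is unrestricted).
function effective(policy, directive) {
  const chain = [directive, ...(FALLBACK[directive] || []), "default-src"];
  for (const name of chain) {
    if (policy.has(name)) return { from: name, sources: policy.get(name) };
  }
  return null;
}

// Report unrestricted fetch types, plus object-src not locked to 'none'.
function audit(header) {
  const policy = parsePolicy(header);
  const findings = FETCH_DIRECTIVES
    .filter((d) => effective(policy, d) === null).map((d) => `${d}: unrestricted`);
  const obj = effective(policy, "object-src");
  // An empty source list matches nothing, so it is as strict as 'none'.
  if (obj && obj.sources.length > 0 && obj.sources.join(" ").toLowerCase() !== "'none'")
    findings.push(`object-src: ${obj.sources.join(" ")} (via ${obj.from})`);
  return findings;
}
```

Running audit(SAMPLE) reports that object-src is only covered by the default-src fallback, which is the case the object-src entry above recommends closing with an explicit 'none'.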

Last updated by: bershanskiy,