Loading...

將Google字型fonts.googleapis.com新增到CSP header 中

Temperature: 0 °C

Mark ChangMark Chang
author_tools

Content Security Policy (CSP) 內容安全政策
主要用來限制網頁中對外部的請求來源(例如:css,js(ajax,ws),webfont,img,video,iframe等等)
但這樣直接限制下去往往會影響到網站的正常運作。
以下是以.htaccess來開放Google字型fonts.googleapis.com

<IfModule mod_headers.c>
Header set Content-Security-Policy " \
default-src 'self'; \
img-src 'self' data:; \
font-src 'self' https://fonts.gstatic.com/; \
style-src 'self' https://fonts.googleapis.com/ 'unsafe-inline';\
"</IfModule>

以白名單的形式允許信任的外部來源

以上紀錄~

#故事  #CSP  #Content Security Policy  #內容安全政策  #Google字型  #白名單  
https://innstory.com/story-將Google字型fontsgoogleapiscom新增到CSP_header_中-2799
apache PHP

Prev
 如何將_a_href_禁用

Next
分享_【東京奧運開幕典禮】超級變變變!超創意呈現1964年的50個靜態項目圖標 

About the Author

Mark Chang

離不開電腦的宅男

Visitor message

Leave some footprints to prove that you visited me

Recommended reading

Author's other related stories

mysql 查詢數據資料是否有重複

mysql 查詢數據資料是否...

pexelsphoto5 有沒有試過資料庫裡上萬筆資料卻不知道是不是有重複的數據? 這時你一定要試試...

分享 斜槓青年正夯,什麼都會才是王道?他舉賈伯斯、巴菲特為例,勸你萬萬不可跨領域-風傳媒

分享 斜槓青年正夯,什麼都會...

巴菲特:「了解自己的能力圈,待在裡面。這個圈圈到底有多大其實無關緊要。知道圈圈的邊線究竟在哪則非常重...

當XAMPP遇到VMWARE占用PORT 443導致無法啟動APACHE

當XAMPP遇到VMWARE...

在使用XAMPP時,若系統有安裝 VMWare Workstation,VMWare會將 port ...

Please select an option

error

Hi, thank you for your participation, but you cannot vote repeatedly~

Join innstory now and start recording your story.

"Innstory" is a place to store stories. We are committed to becoming a warm platform. Deepening the bonds between people is our direction.
We are convinced that the blockchain between people is not just a cold calculation. Join us now.

Wrong format