CSP: font-src
Baseline
Widely available
This feature is well established and works across many devices and browser versions. Itâs been available across browsers since â¨2016å¹´8æâ©.
HTTP ã® Content-Security-Policy (CSP) ã«ããã font-src ãã£ã¬ã¯ãã£ãã¯ã @font-face ã«ãã£ã¦èªã¿è¾¼ã¾ãããã©ã³ãã®æå¹ãªã½ã¼ã¹ãæå®ãã¾ãã
| CSP ãã¼ã¸ã§ã³ | 1 |
|---|---|
| ãã£ã¬ã¯ãã£ãç¨®å¥ | ãã§ãããã£ã¬ã¯ãã£ã |
default-src ã«ããä»£æ¿ |
ããããã®ãã£ã¬ã¯ãã£ãããªãå ´åãã¦ã¼ã¶ã¼ã¨ã¼ã¸ã§ã³ãã¯
default-src ãã£ã¬ã¯ãã£ããæ¢ãã¾ãã
|
æ§æ
Content-Security-Policy: font-src <source>;
Content-Security-Policy: font-src <source> <source>;
ãã®ãã£ã¬ã¯ãã£ãã¯ã次ã®ããããã®å¤ãæå®ãããã¨ãã§ãã¾ãã
'none'-
ãã®ç¨®é¡ã®ãªã½ã¼ã¹ã¯èªã¿è¾¼ã¾ãã¾ãããåä¸å¼ç¨ç¬¦ã¯å¿ é ã§ãã
<source-expression-list>-
ã½ã¼ã¹è¡¨ç¾ã®å¤ã空ç½ã§åºåã£ããªã¹ãã§ãããã®ç¨®é¡ã®ãªã½ã¼ã¹ã¯ãæå®ãããã½ã¼ã¹è¡¨ç¾ã®ããããã¨ä¸è´ããå ´åã«èªã¿è¾¼ã¾ãã¾ãããã®ãã£ã¬ã¯ãã£ãã§ã¯ã以ä¸ã®ã½ã¼ã¹è¡¨ç¾ã®å¤ãé©ç¨ã§ãã¾ãã
ä¾
éåãã¦ããå ´å
ãã® CSP ãããã¼ããã£ãã¨ãã¾ãã
Content-Security-Policy: font-src https://example.com/
以ä¸ã®ãã©ã³ããªã½ã¼ã¹ã®èªã¿è¾¼ã¿ã¯ãããã¯ãããèªã¿è¾¼ã¾ãã¾ããã
<style>
@font-face {
font-family: "MyFont";
src: url("https://not-example.com/font");
}
body {
font-family: "MyFont";
}
</style>
ä»æ§æ¸
| Specification |
|---|
| Content Security Policy Level 3 # directive-font-src |