CSP: media-src
Baseline
Widely available
This feature is well established and works across many devices and browser versions. Itâs been available across browsers since â¨2016å¹´8æâ©.
HTTP ã® Content-Security-Policy (CSP) ã«ããã media-src ãã£ã¬ã¯ãã£ãã¯ã <audio> ããã³ <video> è¦ç´ ã使ç¨ãã¦èªã¿è¾¼ãã¡ãã£ã¢ã®æå¹ãªã½ã¼ã¹ãæå®ãã¾ãã
| CSP ãã¼ã¸ã§ã³ | 1 |
|---|---|
| ãã£ã¬ã¯ãã£ãç¨®å¥ | ãã§ãããã£ã¬ã¯ãã£ã |
default-src ã«ããä»£æ¿ |
ããããã®ãã£ã¬ã¯ãã£ãããªãå ´åãã¦ã¼ã¶ã¼ã¨ã¼ã¸ã§ã³ã㯠`default-src` ãã£ã¬ã¯ãã£ããæ¢ãã¾ãã |
æ§æ
Content-Security-Policy: media-src 'none';
Content-Security-Policy: media-src <source-expression-list>;
ãã®ãã£ã¬ã¯ãã£ãã¯ã次ã®ããããã®å¤ãæå®ãããã¨ãã§ãã¾ãã
'none'-
ãã®ç¨®é¡ã®ãªã½ã¼ã¹ã¯èªã¿è¾¼ã¾ãã¾ãããåä¸å¼ç¨ç¬¦ã¯å¿ é ã§ãã
<source-expression-list>-
ã½ã¼ã¹è¡¨ç¾ã®å¤ã空ç½ã§åºåã£ããªã¹ãã§ãããã®ç¨®é¡ã®ãªã½ã¼ã¹ã¯ãæå®ãããã½ã¼ã¹è¡¨ç¾ã®ããããã¨ä¸è´ããå ´åã«èªã¿è¾¼ã¾ãã¾ãããã®ãã£ã¬ã¯ãã£ãã§ã¯ã以ä¸ã®ã½ã¼ã¹è¡¨ç¾ã®å¤ãé©ç¨ã§ãã¾ãã
ä¾
éåããå ´å
ãã® CSP ãããã¼ãããå ´åã
Content-Security-Policy: media-src https://example.com/
以ä¸ã® <audio>, <video>, <track> ã®åè¦ç´ ã¯ãããã¯ãããèªã¿è¾¼ã¾ãã¾ããã
<audio src="https://not-example.com/audio"></audio>
<video src="https://not-example.com/video">
<track kind="subtitles" src="https://not-example.com/subtitles" />
</video>
ä»æ§æ¸
| Specification |
|---|
| Content Security Policy Level 3 # directive-media-src |