{"blog_title":"My tech diary","provider_url":"https://hatena.blog","title":"About HTTP CSP","provider_name":"Hatena Blog","html":"<iframe src=\"https://hatenablog-parts.com/embed?url=https%3A%2F%2Ftearoom6.hateblo.jp%2Fentry%2F2019%2F07%2F07%2F232649\" title=\"HTTP CSP \u306b\u3064\u3044\u3066 - My tech diary\" class=\"embed-card embed-blogcard\" scrolling=\"no\" frameborder=\"0\" style=\"display: block; width: 100%; height: 190px; max-width: 500px; margin: 10px 0px;\"></iframe>","categories":["http"],"type":"rich","author_name":"tearoom6","url":"https://tearoom6.hateblo.jp/entry/2019/07/07/232649","blog_url":"https://tearoom6.hateblo.jp/","width":"100%","version":"1.0","image_url":null,"description":"Content-Security-Policy (CSP) CSP is an HTTP specification for preventing Cross Site Scripting (XSS) and data injection attacks. To enable CSP, do one of the following. Return Content-Security-Policy in an HTTP header http Content-Security-Policy: default-src 'self'; img-src *; media-src media1.com media2.com; script-src userscripts.example.com \u2026","height":"190","author_url":"https://blog.hatena.ne.jp/tearoom6/","published":"2019-07-07 23:26:49"}