initial commit

1 files changed, 106 insertions, 0 deletions

diff --git a/files/zh-cn/web/http/headers/content-security-policy/base-uri/index.html b/files/zh-cn/web/http/headers/content-security-policy/base-uri/index.html
new file mode 100644
index 0000000000..1581c12994
--- /dev/null
+++ b/files/zh-cn/web/http/headers/content-security-policy/base-uri/index.html
@@ -0,0 +1,106 @@
+---
+title: 'CSP: base-uri'
+slug: Web/HTTP/Headers/Content-Security-Policy/base-uri
+tags:
+  - CSP
+  - HTTP
+  - 安全
+  - 指令
+  - 文档指令
+translation_of: Web/HTTP/Headers/Content-Security-Policy/base-uri
+---
+<div>{{HTTPSidebar}}</div>
+
+<p>HTTP 协议 {{HTTPHeader("Content-Security-Policy")}} 首部字段中的 <strong><code>base-uri</code></strong> 指令限制了可以应用于一个文档的 {{HTMLElement("base")}} 元素的 URL。假如指令值为空，那么任何 URL 都是允许的。如果指令不存在，那么用户代理会使用 {{HTMLElement("base")}} 元素中的值。 </p>
+
+<table class="properties">
+ <tbody>
+  <tr>
+   <th scope="row">CSP version</th>
+   <td>2</td>
+  </tr>
+  <tr>
+   <th scope="row">Directive type</th>
+   <td>{{Glossary("Document directive")}}</td>
+  </tr>
+  <tr>
+   <th scope="row">{{CSP("default-src")}} fallback</th>
+   <td>No. Not setting this allows anything.</td>
+  </tr>
+ </tbody>
+</table>
+
+<h2 id="语法">语法</h2>
+
+<p>base-uri 安全策略可以设置一个或多个源：</p>
+
+<pre class="syntaxbox">Content-Security-Policy: base-uri &lt;source&gt;;
+Content-Security-Policy: base-uri &lt;source&gt; &lt;source&gt;;
+</pre>
+
+<h3 id="源">源</h3>
+
+<p>{{page("Web/HTTP/Headers/Content-Security-Policy/default-src", "Sources")}}</p>
+
+<h2 id="示例">示例</h2>
+
+<h3 id="Meta_tag_配置">Meta tag 配置</h3>
+
+<pre class="brush: html">&lt;meta http-equiv="Content-Security-Policy" content="base-uri 'self'"&gt;</pre>
+
+<h3 id="Apache_配置">Apache 配置</h3>
+
+<pre class="brush: bash">&lt;IfModule mod_headers.c&gt;
+Header set Content-Security-Policy "base-uri 'self';
+&lt;/IfModule&gt;</pre>
+
+<h3 id="Nginx_配置">Nginx 配置</h3>
+
+<pre class="brush: bash">add_header Content-Security-Policy "base-uri 'self';"</pre>
+
+<h3 id="违犯策略的案例"><em>违犯策略的案例</em></h3>
+
+<p>假如你的域名不是 example.com，那么将 {{HTMLElement("base")}} 元素的 href 属性值设置成 example.com 会违犯 CSP 策略。</p>
+
+<pre class="brush: html; example-bad">&lt;meta http-equiv="Content-Security-Policy" content="base-uri 'self'"&gt;
+&lt;base href="http://example.com/"&gt;
+
+// Error: Refused to set the document's base URI to 'http://example.com/'
+// because it violates the following Content Security Policy
+// directive: "base-uri 'self'"</pre>
+
+<h2 id="规范">规范</h2>
+
+<table class="standard-table">
+ <tbody>
+  <tr>
+   <th scope="col">Specification</th>
+   <th scope="col">Status</th>
+   <th scope="col">Comment</th>
+  </tr>
+  <tr>
+   <td>{{specName("CSP 3.0", "#directive-base-uri", "base-uri")}}</td>
+   <td>{{Spec2('CSP 3.0')}}</td>
+   <td>No changes.</td>
+  </tr>
+  <tr>
+   <td>{{specName("CSP 1.1", "#directive-base-uri", "base-uri")}}</td>
+   <td>{{Spec2('CSP 1.1')}}</td>
+   <td>Initial definition.</td>
+  </tr>
+ </tbody>
+</table>
+
+<h2 id="浏览器兼容性">浏览器兼容性</h2>
+
+<p class="hidden">The compatibility table in this page is generated from structured data. If you'd like to contribute to the data, please check out <a href="https://github.com/mdn/browser-compat-data">https://github.com/mdn/browser-compat-data</a> and send us a pull request.</p>
+
+<p>{{Compat("http.headers.csp.base-uri")}}</p>
+
+<h2 id="相关内容">相关内容</h2>
+
+<ul>
+ <li>{{HTTPheader("Content-Security-Policy")}}</li>
+ <li>{{HTMLElement("base")}}</li>
+ <li>{{domxref("Node.baseURI")}}</li>
+</ul>