diff options
Diffstat (limited to 'files/zh-cn/web/http/headers/content-security-policy/font-src/index.html')
| -rw-r--r-- | files/zh-cn/web/http/headers/content-security-policy/font-src/index.html | 99 |
1 files changed, 99 insertions, 0 deletions
diff --git a/files/zh-cn/web/http/headers/content-security-policy/font-src/index.html b/files/zh-cn/web/http/headers/content-security-policy/font-src/index.html new file mode 100644 index 0000000000..89d24a698c --- /dev/null +++ b/files/zh-cn/web/http/headers/content-security-policy/font-src/index.html @@ -0,0 +1,99 @@ +--- +title: 'CSP: font-src' +slug: Web/HTTP/Headers/Content-Security-Policy/font-src +tags: + - CSP + - HTTP + - 内容安全策略 + - 参考 + - 安全 +translation_of: Web/HTTP/Headers/Content-Security-Policy/font-src +--- +<div>{{HTTPSidebar}}</div> + +<p>HTTP {{HTTPHeader("Content-Security-Policy")}} (CSP 内容安全策略) 中 <code><strong>font</strong></code><strong><code>-src</code></strong> 指令定义了 {{cssxref("@font-face")}} 加载字体的有效源规则。</p> + +<table class="properties"> + <tbody> + <tr> + <th scope="row">CSP 版本</th> + <td>1</td> + </tr> + <tr> + <th scope="row">指令类型</th> + <td>{{Glossary("Fetch directive")}}</td> + </tr> + <tr> + <th scope="row">{{CSP("default-src")}} 替代</th> + <td>是。如果 <code><strong>font</strong></code><strong><code>-src</code></strong> 没有指定,则使用 <code>default-src</code> 指令。</td> + </tr> + </tbody> +</table> + +<h2 id="语法">语法</h2> + +<p><code>font-src</code> 策略可以包含一个或多个源:</p> + +<pre class="syntaxbox">Content-Security-Policy: font-src <source>; +Content-Security-Policy: font-src <source> <source>; +</pre> + +<h3 id="源代码">源代码</h3> + +<p>{{page("Web/HTTP/Headers/Content-Security-Policy/default-src", "Sources")}}</p> + +<h2 id="示例">示例</h2> + +<h3 id="反例">反例</h3> + +<p>给出这个 CSP 头:</p> + +<pre class="brush: bash">Content-Security-Policy: font-src https://example.com/ +</pre> + +<p>以下的字体源将被阻止,不会加载到浏览器中:</p> + +<pre class="brush: html"><style> + @font-face { + font-family: "MyFont"; + src: url("https://not-example.com/font"); + } + body { + font-family: "MyFont"; + } +</style></pre> + +<h2 id="规范">规范</h2> + +<table class="standard-table"> + <tbody> + <tr> + <th scope="col">Specification</th> + <th scope="col">Status</th> + <th scope="col">Comment</th> + </tr> + <tr> + <td>{{specName("CSP 3.0", "#directive-font-src", "font-src")}}</td> + <td>{{Spec2('CSP 3.0')}}</td> + <td>无变化</td> + </tr> + <tr> + <td>{{specName("CSP 1.1", "#directive-font-src", "font-src")}}</td> + <td>{{Spec2('CSP 1.1')}}</td> + <td>首次定义</td> + </tr> + </tbody> +</table> + +<h2 id="浏览器兼容性">浏览器兼容性</h2> + +<p class="hidden">本页的兼容性表是根据结构化的数据生成的。如果你想贡献更多数据,请到 <a href="https://github.com/mdn/browser-compat-data">https://github.com/mdn/browser-compat-data</a> 并给我们发 pull request。</p> + +<p>{{Compat("http.headers.csp.font-src")}}</p> + +<h2 id="See_also">See also</h2> + +<ul> + <li>{{HTTPHeader("Content-Security-Policy")}}</li> + <li>{{cssxref("@font-face")}}</li> +</ul> |