📜  csp 标头与元标记 - 任何代码示例

📅  最后修改于: 2022-03-11 14:55:11.477000             🧑  作者: Mango

代码示例1
There are two ways to deliver a CSP to a browser:
- Request header for the document
- Meta tag of the document

Content-Security-Policy delivery through HTTP supports some extra features 
compared to delivery via a HTML meta element, such as: 
- Content-Security-Policy-Report-Only 
- report-uri
- frame-ancestors
- sandbox directives.

If you dont use those features it doesnt matter what way you pick.