- From: Dong-Young Lee <dongyoung.lee@lge.com>
- Date: Thu, 20 Dec 2012 10:11:34 +0900
- To: <public-html-ig-ko@w3.org>
- Message-ID: <008301cdde4e$f4b413b0$de1c3b10$@lge.com>
ÀÌ¿ø¼® ¹Ú»ç´Ô ¾È³çÇϼ¼¿ä. ³×, ±×·¸°Ô ÇÏÁö¿ä. (CommentÇÏ¸é ½ÃÅ°½Ç±îºÁ Çұ±î Çß¾ú´Âµ¥¡¦ ¿ª½Ã³ª³×¿ä. J ) Ȥ½Ã 1¿ù¿¡ ½Ã°£ÀÌ ¾ÈµÇ¸é ±× ´ÙÀ½ ´Þ¿¡ Çصµ µÇ°ÚÁö¿ä? °¨»çÇÕ´Ï´Ù. À̵¿¿µ µå¸² From: Wonsuk Lee [mailto:wonsuk73@gmail.com] Sent: Thursday, December 20, 2012 9:54 AM To: Dong-Young Lee Cc: public-html-ig-ko@w3.org Subject: Re: AN INTRODUCTION TO CONTENT SECURITY POLICY À̵¿¿µ ¹Ú»ç´Ô. Á¦°¡ ÀÌÇØÇÑ ¹Ù·Î´Â CSP´Â HTTP Header¿¡ Ãß°¡ÀûÀ¸·Î ±¸ÇöÀ» ÇÒ ºÎºÐÀº ¾øÀ» °Í °°½À´Ï´Ù^^ ±×¸®°í Ȥ½Ã 1¿ù KIG ȸÀÇ¿¡¼ CSP¿Í CORS¿¡ ´ëÇؼ Á¤¸®Çؼ ¹ßÇ¥ÇØ ÁÖ½Ç ¼ö ÀÖÀ»±î¿ä? Âü°í·Î 1¿ù KIG ȸÀÇ´Â 1/24ÀÏ(¸ñ)¿¡ NHN »ç¿Á¿¡¼ ȸÀǸ¦ °³ÃÖÇÒ ¿¹Á¤ÀÔ´Ï´Ù~ ÀÌ¿ø¼® µå¸². 2012³â 11¿ù 19ÀÏ ¿ÀÀü 10:05, Dong-Young Lee <dongyoung.lee@lge.com>´ÔÀÇ ¸»: ¸»¾¸ÇϽŠ°Íó·³ same origin policy°¡ ´ë¿øÄ¢Àε¥, legacy code¿Í ±× µ¿¾ÈÀÇ ½À°ü ¶§¹®¿¡ À̸¦ enforceÇÏ´Â °ÍÀÌ ½±Áö ¾ÊÀº »óȲÀÎ °ÍÀ¸·Î º¸ÀÔ´Ï´Ù. Á¦°¡ ÀÌÇØÇϱâ·Î´Â CORS³ª CSP³ª ¸ðµÎ HTTP header·Î µ¿ÀÛÇϱ⠶§¹®¿¡ ¼¹ö Áö¿øÀÌ ÇÊ¿äÇÕ´Ï´Ù¸¸, ¼¹ö¿¡¼ ±¸ÇöÇÒ ³»¿ëÀº ¾ó¸¶ µÇÁö ¾ÊÀ» °Í °°½À´Ï´Ù. CORS¿Í CSPÀÇ Â÷ÀÌÁ¡Àº CORS´Â resource¸¦ ÁÖ´Â ÂÊ (Æ÷ÇԵǴ ÂÊ), CSP´Â ¹Þ´Â ÂÊ (Æ÷ÇÔÇÏ´Â ÂÊ)ÀÇ policy¶ó´Â Á¡ÀÔ´Ï´Ù. ÀúÇÑÅ×´Â CSP°¡ ´õ Á÷°üÀûÀ̳׿ä. °¨»çÇÕ´Ï´Ù. -- ========================================= ÀÌ ¿ø ¼® (Wonsuk, Lee) / Principal Engineer, Ph.D SAMSUNG ELECTRONICS Co., LTD. (ß²àøï³í) Mobile: +82-10-5800-3997 E-mail: wonsuk11.lee@samsung.com, wonsuk73@gmail.com http://www.wonsuk73.com/, twitter: @wonsuk73 ----------------------------------------- Inspire the World, Create the Future !!! =========================================
Received on Thursday, 20 December 2012 01:12:19 UTC