- From: Dong-Young Lee <dongyoung.lee@lge.com>
- Date: Mon, 19 Nov 2012 10:05:55 +0900
- To: <public-html-ig-ko@w3.org>
- Message-ID: <007701cdc5f2$072fc0e0$158f42a0$@lge.com>
Hello.

As you said, the same origin policy is the overarching principle, but because of legacy code and the habits built up over time, enforcing it does not seem to be easy.

As I understand it, both CORS and CSP work through HTTP headers, so server support is needed, but I think there will not be much to implement on the server.

The difference between CORS and CSP is that CORS is the policy of the side that gives the resource (the side being included), while CSP is the policy of the side that receives it (the side doing the including).

To me, CSP is the more intuitive one.

Thank you.

Dong-Young Lee

From: Wonsuk Lee [mailto:wonsuk73@gmail.com]
Sent: Saturday, November 17, 2012 4:04 PM
To: public-html-ig-ko@w3.org
Subject: AN INTRODUCTION TO CONTENT SECURITY POLICY

Hello.

There are security issues in Web Apps.

The most common concept is the same origin policy; besides that there is also CORS (Cross Origin Resource Sharing), but CORS has the drawback that it is not easy to deploy because the server has to support the related functionality.

In this situation, CSP (CONTENT SECURITY POLICY) is emerging as an important standard.

As it happens, there is a well-organized article on HTML5ROCKS, so if possible I would like this topic to be covered at the next KIG meeting~^^

I am looking for a volunteer to put together a summary based on [1] and [2]~^^

[1] http://www.html5rocks.com/en/tutorials/security/content-security-policy/
[2] http://www.w3.org/TR/CSP/

Wonsuk Lee
Received on Monday, 19 November 2012 01:06:27 UTC
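
The split discussed in the message above (CSP sent by the including page, CORS sent by the server that gives the resource) can be modeled as two separate header checks. This is an added example, not part of the mail thread; the origins are constructed, the function names are hypothetical, and the model is simplified: exact-origin sources only, no credentials, no preflight.

```javascript
// Added example: simplified model of the two browser-side checks for fetch()/XHR.
// Constructed origins; CSP host wildcards, paths and scheme-only sources are not modeled.

// Parse "directive src src; directive src" into a Map (first occurrence wins).
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    if (key && !policy.has(key)) policy.set(key, sources);
  }
  return policy;
}

// CSP: header on the including page, checked before the request is sent.
function cspAllows(cspHeader, directive, targetUrl, pageOrigin) {
  if (!cspHeader) return true; // page sent no policy
  const policy = parseCsp(cspHeader);
  const sources = policy.get(directive) ?? policy.get('default-src');
  if (sources === undefined) return true; // nothing restricts this directive
  const target = new URL(targetUrl).origin;
  return sources.some((s) =>
    s === '*' ||
    (s === "'self'" && target === pageOrigin) ||
    (!s.startsWith("'") && s === target)); // 'none' matches nothing
}

// CORS: header on the response from the serving side, checked for cross-origin reads.
function corsAllowsRead(acao, targetUrl, pageOrigin) {
  if (new URL(targetUrl).origin === pageOrigin) return true; // same origin
  return acao === '*' || acao === pageOrigin;
}

// Both sides must agree: the page's CSP first, then the server's CORS header.
function decide({ pageOrigin, pageCsp, targetUrl, responseAcao }) {
  if (!cspAllows(pageCsp, 'connect-src', targetUrl, pageOrigin)) {
    return 'blocked by page CSP';
  }
  if (!corsAllowsRead(responseAcao, targetUrl, pageOrigin)) {
    return 'blocked by CORS';
  }
  return 'allowed';
}
```
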