<p>html 인라인 css나 자바스크립트가 안되더라구요.</p>
<p>인라인 css나 자바스크립트를 허용하려면</p>
<p>서버에서 응답할때 header 정보에 CSP관련 정보를 허용해 주면 되나요?</p>

<p>안녕하세요. 매실님</p>
<p>facebook 같은곳에서는 해당 기능을 사용하는 것으로 알고 있습니다.</p>
<p>facebook의 http 응답 header 정보를 확인하면 다음을 확인할 수 있습니다.</p>
<div class="header-value source-code" style="box-sizing: border-box; min-width: 0px; min-height: 0px; font-family: var(--source-code-font-family); white-space: pre-wrap; display: inline; margin-right: 1em; word-break: break-all; margin-top: 1px; color: inherit; font-size: var(--source-code-font-size)  !important;">
<ul>
<li role="treeitem" tabindex="0" class="selected force-white-icons" aria-selected="true" style="box-sizing: border-box; min-width: 0px; min-height: 12px; outline-width: 0px; text-overflow: ellipsis; white-space: nowrap; position: relative; display: block; align-items: center; padding-left: 5px; line-height: 20px; margin-top: 1px; margin-left: 10px; color: var(--selection-fg-color);">
<div class="header-name" style="box-sizing: border-box; min-width: 0px; min-height: 0px; color: inherit; display: inline-block; margin-right: 0.25em; font-weight: bold; vertical-align: top; white-space: pre-wrap;">content-security-policy:</div>
<span class="header-separator" style="box-sizing: border-box; min-width: 0px; min-height: 0px; user-select: none; color: inherit;"></span>
<div class="header-value source-code" style="box-sizing: border-box; min-width: 0px; min-height: 0px; font-family: var(--source-code-font-family); white-space: pre-wrap; display: inline; margin-right: 1em; word-break: break-all; margin-top: 1px; color: inherit; font-size: var(--source-code-font-size)  !important;">default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://api.mapbox.com https://*.tiles.mapbox.com;block-all-mixed-content;upgrade-insecure-requests;</div>
</li>
</ul>
<p></p>
<div class="header-value source-code" style="box-sizing: border-box; min-width: 0px; min-height: 0px; font-family: var(--source-code-font-family); display: inline; margin-right: 1em; word-break: break-all; margin-top: 1px; color: inherit; font-size: var(--source-code-font-size)  !important;"></div>
</div>
<p><a href="https://developers.google.com/web/fundamentals/security/csp/?hl=ko" target="_blank" rel="noopener noreferrer">content security policy</a>에 대한 자세한 내용은 해당 링크를 확인해주세요.<a href="https://developers.google.com/web/fundamentals/security/csp/?hl=ko" target="_blank" rel="noopener noreferrer"></a></p>
<p>감사합니다.</p>
<ol class="children expanded" role="group" style="box-sizing: border-box; min-width: 0px; min-height: 0px; list-style-type: none; padding-left: 10px; padding-bottom: 5px; border-bottom: 1px solid #e0e0e0; color: #303942; font-family: '.SFNSDisplay-Regular', 'Helvetica Neue', 'Lucida Grande', sans-serif; font-size: 12px;">
<ol class="children expanded" role="group" style="box-sizing: border-box; min-width: 0px; min-height: 0px; list-style-type: none; padding-left: 10px; padding-bottom: 5px; border-bottom: 1px solid #e0e0e0; color: #303942; font-family: '.SFNSDisplay-Regular', 'Helvetica Neue', 'Lucida Grande', sans-serif; font-size: 12px;">
<li role="treeitem" tabindex="0" class="selected force-white-icons" aria-selected="true" style="box-sizing: border-box; min-width: 0px; min-height: 12px; outline-width: 0px; text-overflow: ellipsis; white-space: nowrap; position: relative; display: block; align-items: center; padding-left: 5px; line-height: 20px; margin-top: 1px; margin-left: 10px; color: var(--selection-fg-color);"></li>
</ol>
</ol>
<p></p>

인프런 커뮤니티 질문&답변

content security policy 는 서버에서 응답할때 지정해 주니요?