{"id":916,"date":"2026-05-20T09:56:49","date_gmt":"2026-05-20T01:56:49","guid":{"rendered":"https:\/\/junai.ai\/blog\/nodejs-security-helmet-cors-24\/"},"modified":"2026-05-20T09:56:49","modified_gmt":"2026-05-20T01:56:49","slug":"nodejs-security-helmet-cors-24","status":"publish","type":"post","link":"https:\/\/junai.ai\/blog\/nodejs-security-helmet-cors-24\/","title":{"rendered":"\ubcf4\uc548 \uae30\ucd08 \u2014 helmet\u00b7cors\u00b7rate-limit"},"content":{"rendered":"\n<!-- WordPress REST API \ubc1c\ud589\uc6a9 HTML (\uc790\ub3d9 \uc0dd\uc131) -->\n<!-- WP-FEATURED-MEDIA-ID: 862 -->\n<div style=\"max-width:800px;margin:0 auto;\">\n<style>\n:root {--color-primary:#059669;--color-accent:#10b981;--color-bg:#fafbfc;--color-bg-card:#fff;--color-text:#1a202c;--color-text-muted:#64748b;--hero-start:#064e3b;--hero-end:#059669;}\n*{box-sizing:border-box;}\n.container{max-width:760px;margin:0 auto;padding:0 24px 80px;}\n.hero{background:linear-gradient(135deg,var(--hero-start) 0%,var(--hero-end) 100%);color:#fff;padding:80px 24px 60px;text-align:center;}\n.hero .eyebrow{display:inline-block;font-size:14px;color:#6ee7b7;font-weight:700;letter-spacing:0.1em;text-transform:uppercase;margin-bottom:14px;}\n.hero h1{font-size:36px;margin:0 0 16px;line-height:1.3;font-weight:800;}\n.hero p{color:#d1fae5;font-size:18px;max-width:640px;margin:0 auto;line-height:1.6;}\n.hero img{width:100%;max-width:640px;height:auto;margin:32px auto 0;border-radius:10px;display:block;}\narticle{padding-top:48px;}\narticle h2{font-size:26px;margin:56px 0 20px;padding-left:14px;border-left:5px solid var(--color-accent);line-height:1.4;}\narticle h3{font-size:19px;margin:32px 0 12px;color:var(--color-primary);}\narticle p{margin:16px 0;}\narticle strong{color:var(--color-primary);font-weight:700;}\narticle code{background:#d1fae5;padding:2px 8px;border-radius:4px;font-family:'SF Mono',Menlo,Consolas,monospace;font-size:14px;color:#065f46;}\n.databox{background:#d1fae5;border-left:4px solid var(--color-accent);padding:16px 20px;margin:24px 0;border-radius:0 8px 8px 0;font-size:15.5px;}\n.databox strong{color:var(--color-primary);}\n.warnbox{background:linear-gradient(135deg,#fef3c7 0%,#fde68a 100%);padding:16px 20px;margin:24px 0;border-radius:8px;font-size:15.5px;}\n.tablewrap{overflow-x:auto;-webkit-overflow-scrolling:touch;margin:22px 0;}\ntable{width:100%;border-collapse:collapse;font-size:15px;background:var(--color-bg-card);}\nth,td{padding:11px 12px;text-align:left;border-bottom:1px solid #e2e8f0;vertical-align:top;}\nth{background:#f1f5f9;font-weight:700;color:#0f172a;}\ntd:first-child,th:first-child{font-weight:700;}\n@media (max-width:560px){.tablewrap table,.tablewrap thead,.tablewrap tbody,.tablewrap tr,.tablewrap th,.tablewrap td{display:block;width:auto;}.tablewrap thead{display:none;}.tablewrap tr{margin:0 0 14px;border:1px solid #e2e8f0;border-radius:10px;overflow:hidden;}.tablewrap td{border:none;border-bottom:1px solid #f1f5f9;padding:9px 14px;}.tablewrap td:first-child{background:#f1f5f9;font-weight:800;font-size:15.5px;}.tablewrap td:last-child{border-bottom:none;}.tablewrap td[data-label]::before{content:attr(data-label) \" \u2014 \";font-weight:700;color:var(--color-primary);}}\n.code-block{background:#0f172a;color:#e2e8f0;padding:16px 20px;border-radius:8px;font-family:'SF Mono',Menlo,Consolas,monospace;font-size:14px;line-height:1.6;margin:20px 0;overflow-x:auto;white-space:pre;}\n.cta{background:linear-gradient(135deg,#059669 0%,#10b981 100%);color:#fff;padding:28px 24px;border-radius:12px;margin:48px 0 0;text-align:center;}\n.cta h3{color:#fff;margin:0 0 8px;font-size:20px;}\n.cta p{color:#d1fae5;margin:0;font-size:15.5px;}\n.footer-nav{margin-top:32px;padding-top:20px;border-top:1px solid #e2e8f0;font-size:14px;color:var(--color-text-muted);}\n.footer-nav a{color:var(--color-primary);text-decoration:none;}\n@media (max-width:480px){.hero h1{font-size:26px;}.hero p{font-size:16px;}article h2{font-size:21px;}article h3{font-size:17px;}body{font-size:16px;}}\n<\/style>\n<section class=\"hero\">\n  <span class=\"eyebrow\">Node.js \uad50\uc7ac \u00b7 24\ud3b8 \u00b7 \ubcf4\uc548<\/span>\n  <h1>\ubcf4\uc548 \uae30\ucd08 \u2014 helmet\u00b7cors\u00b7rate-limit<\/h1>\n  <p>\uc138 \ub77c\uc774\ube0c\ub7ec\ub9ac \ud55c \uc904\uc529 \ucd94\uac00\ud558\uba74 \uae30\ubcf8 \uacf5\uaca9 80% \uac00 \ucc28\ub2e8\ub41c\ub2e4.<\/p>\n  <img decoding=\"async\" src=\"https:\/\/junai.ai\/blog\/wp-content\/uploads\/2026\/05\/hero-5-93.jpg\" alt=\"\ubcf4\uc548 \ubc29\ud328\uac00 \uc545\uc131 \uc694\uccad\uc744 \ub9c9\ub294 \ucee8\uc149 \uc77c\ub7ec\uc2a4\ud2b8\">\n<\/section>\n\n<div class=\"container\">\n<article>\n\n<p>\uc778\uc99d\u00b7DB\u00b7\uac80\uc99d\uc740 \uc55e\uc5d0\uc11c \ub2e4\ub918\ub2e4. \uadf8 \uc678 <strong>HTTP \ub2e8<\/strong>\uc5d0\uc11c \ub9c9\uc544\uc57c \ud560 \uacf5\uaca9\uc774 \ub610 \ud55c \ubb36\uc74c \u2014 XSS\u00b7clickjacking\u00b7MIME sniffing\u00b7CSRF\u00b7CORS \uc6b0\ud68c\u00b7\ubb34\ucc28\ubcc4 \ub300\uc785\u00b7DDoS. \ub2e4\ud589\ud788 \ud55c \uc904 \ub77c\uc774\ube0c\ub7ec\ub9ac\ub4e4\uc774 \ud45c\uc900\uc73c\ub85c \ub2e4 \ud574\uacb0.<\/p>\n\n<p>\uc774\ubc88 \ud3b8\uc740 Express \ubc31\uc5d4\ub4dc\uc758 <strong>\uae30\ubcf8 \ubc29\uc5b4 4\uc885<\/strong> \u2014 helmet\u00b7cors\u00b7rate-limit\u00b7HTTPS \uac15\uc81c. \uadf8 \uc704 \uc751\uc6a9\uc740 OWASP Top 10 \ubcc4 \uc815\uc2dd \uac00\uc774\ub4dc.<\/p>\n\n<h2>1. helmet \u2014 HTTP \ubcf4\uc548 \ud5e4\ub354 12\uc885 \ud55c \uc904<\/h2>\n\n<p>\ube0c\ub77c\uc6b0\uc800\uc5d0 &#8220;\uc774 \uc0ac\uc774\ud2b8\ub294 \uc548\uc804\ud55c \uc815\ucc45\uc73c\ub85c \ub3d9\uc791\ud569\ub2c8\ub2e4&#8221; \ub97c \uc54c\ub824\uc8fc\ub294 HTTP \ud5e4\ub354\ub4e4. \uc9c1\uc811 \ub2e4 \uc801\uc73c\uba74 30\uc904, helmet \uc73c\ub85c \ud55c \uc904.<\/p>\n\n<div class=\"code-block\">$ npm install helmet<\/div>\n\n<div class=\"code-block\">import helmet from &#8216;helmet&#8217;;\napp.use(helmet());<\/div>\n\n<p>\uc774 \ud55c \uc904\uc774 \uc801\uc6a9\ud558\ub294 \ud5e4\ub354:<\/p>\n\n<div class=\"tablewrap\">\n<table>\n<thead><tr><th>\ud5e4\ub354<\/th><th>\ub9c9\ub294 \uac83<\/th><\/tr><\/thead>\n<tbody>\n<tr><td><code>Content-Security-Policy<\/code><\/td><td data-label=\"\uc5ed\ud560\">XSS, \uc678\ubd80 \uc2a4\ud06c\ub9bd\ud2b8 \uc8fc\uc785<\/td><\/tr>\n<tr><td><code>X-Frame-Options<\/code><\/td><td data-label=\"\uc5ed\ud560\">clickjacking (iframe \uc73c\ub85c \uc0ac\uc774\ud2b8 \uac00\ub9ac\uae30)<\/td><\/tr>\n<tr><td><code>X-Content-Type-Options<\/code><\/td><td data-label=\"\uc5ed\ud560\">MIME sniffing (.txt \uac00 .js \ub85c \uc2e4\ud589)<\/td><\/tr>\n<tr><td><code>Strict-Transport-Security<\/code><\/td><td data-label=\"\uc5ed\ud560\">HTTPS \uac15\uc81c (HSTS)<\/td><\/tr>\n<tr><td><code>Referrer-Policy<\/code><\/td><td data-label=\"\uc5ed\ud560\">referrer \ub204\ucd9c \uc81c\ud55c<\/td><\/tr>\n<tr><td><code>X-DNS-Prefetch-Control<\/code><\/td><td data-label=\"\uc5ed\ud560\">DNS \uc0ac\uc804 \uc870\ud68c \ucc28\ub2e8<\/td><\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n\n<p>CSP \uac00 \uac00\uc7a5 \uac15\ub825\ud558\uc9c0\ub9cc \uac00\uc7a5 \uae4c\ub2e4\ub85c\uc6c0 \u2014 \uc778\ub77c\uc778 \uc2a4\ud06c\ub9bd\ud2b8\u00b7\uc678\ubd80 CDN \uc4f0\uba74 \uc815\ucc45 \ud480\uc5b4\uc57c. \uccab \uc801\uc6a9 \uc2dc \ube0c\ub77c\uc6b0\uc800 \ucf58\uc194 \ubcf4\uba74\uc11c \uc815\ucc45 \uc870\uc815.<\/p>\n\n<h2>2. cors \u2014 origin \ud5c8\uc6a9 \ubaa9\ub85d \uc815\ud655\ud788<\/h2>\n\n<p>14\ud3b8\uc758 \uc9c1\uc811 \uad6c\ud604 \ub300\uc2e0 \ud45c\uc900 \ud328\ud0a4\uc9c0.<\/p>\n\n<div class=\"code-block\">$ npm install cors<\/div>\n\n<div class=\"code-block\">import cors from &#8216;cors&#8217;;\n\n\/\/ \u274c \ubaa8\ub4e0 origin \ud5c8\uc6a9 \u2014 \ub370\ubaa8\uc6a9, production \uae08\uc9c0\napp.use(cors());\n\n\/\/ \u2705 \uba85\uc2dc\uc801 \ud5c8\uc6a9 \ubaa9\ub85d\napp.use(cors({\n  origin: [&#8216;https:\/\/junai.ai&#8217;, &#8216;https:\/\/www.junai.ai&#8217;, &#8216;http:\/\/localhost:3000&#8217;],\n  credentials: true,                     \/\/ \ucfe0\ud0a4 \ud5c8\uc6a9\n  methods: [&#8216;GET&#8217;, &#8216;POST&#8217;, &#8216;PUT&#8217;, &#8216;DELETE&#8217;],\n}));<\/div>\n\n<div class=\"warnbox\">\n<strong>\ucd5c\uc545\uc758 \uc0ac\uace0<\/strong> \u2014 <code>app.use(cors())<\/code> \ub9cc \uc801\uc73c\uba74 <strong>\ubaa8\ub4e0 origin \ud5c8\uc6a9<\/strong>. \uc989 \ub204\uad6c\ub098 \uc5b4\ub514\uc11c\ub098 \ubcf8\uc778 API \ub97c \ubd80\ub97c \uc218 \uc788\ub2e4. CSRF\u00b7\uc2e0\uc6a9\uce74\ub4dc \uacb0\uc81c \uc0ac\uace0 1\uc704. \ubc18\ub4dc\uc2dc <strong>\uba85\uc2dc origin \ubc30\uc5f4<\/strong>. \uc640\uc77c\ub4dc\uce74\ub4dc (<code>*<\/code>) + <code>credentials: true<\/code> \ub294 \ube0c\ub77c\uc6b0\uc800\uac00 \uac70\ubd80\ud558\uc9c0\ub9cc, \uadf8\ub798\ub3c4 \uba85\uc2dc \uc548 \ud558\ub294 \uac83 \uc790\uccb4\uac00 \uc704\ud5d8.\n<\/div>\n\n<h2>3. express-rate-limit \u2014 \ubb34\ucc28\ubcc4 \ub300\uc785\u00b7\ubd07 \ucc28\ub2e8<\/h2>\n\n<p>1\ucd08\uc5d0 1\ub9cc \ubc88 \ub85c\uadf8\uc778 \uc2dc\ub3c4\ud558\ub294 \ubd07 \ucc28\ub2e8. \ud55c IP \uc758 \uc694\uccad\uc744 \uc2dc\uac04\ub2f9 N\ud68c\ub85c \uc81c\ud55c.<\/p>\n\n<div class=\"code-block\">$ npm install express-rate-limit<\/div>\n\n<div class=\"code-block\">import rateLimit from &#8216;express-rate-limit&#8217;;\n\n\/\/ \uc804\uc5ed \u2014 \uc77c\ubc18 API\nconst apiLimiter = rateLimit({\n  windowMs: 15 * 60 * 1000,    \/\/ 15\ubd84\n  limit: 100,                   \/\/ IP \ub2f9 100 \uc694\uccad\n  standardHeaders: &#8216;draft-7&#8217;,\n  legacyHeaders: false,\n});\napp.use(&#8216;\/api\/&#8217;, apiLimiter);\n\n\/\/ \uc778\uc99d \ub77c\uc6b0\ud2b8 \u2014 \ub354 \ube61\ube61\nconst authLimiter = rateLimit({\n  windowMs: 15 * 60 * 1000,\n  limit: 5,                     \/\/ 15\ubd84 5\ud68c\ub9cc\n  skipSuccessfulRequests: true, \/\/ \uc131\uacf5\uc740 \uce74\uc6b4\ud2b8 \uc548 \ud568\n});\napp.use(&#8216;\/api\/auth\/login&#8217;, authLimiter);<\/div>\n\n<p>\ub85c\uadf8\uc778\uc740 <strong>\uc2e4\ud328\ub9cc \uce74\uc6b4\ud2b8<\/strong>(<code>skipSuccessfulRequests<\/code>) \u2014 \uc815\uc0c1 \uc0ac\uc6a9\uc790\ub294 \uc601\ud5a5 \uc5c6\uace0 \ubb34\ucc28\ubcc4 \ub300\uc785\ub9cc \ucc28\ub2e8. 5\ubd84 5\ud68c \ud328\ud134\uc774 \ud45c\uc900.<\/p>\n\n<div class=\"databox\">\n<strong>Redis backed \uad8c\uc7a5<\/strong> \u2014 \uae30\ubcf8 \uba54\ubaa8\ub9ac \uc800\uc7a5\uc740 cluster\u00b7\uc5ec\ub7ec \uc778\uc2a4\ud134\uc2a4 \ud658\uacbd\uc5d0\uc11c \uc548 \ub9de\uc74c(\uac01 \uc778\uc2a4\ud134\uc2a4\uac00 \ub2e4\ub978 \uce74\uc6b4\ud2b8). production \uc740 <code>rate-limit-redis<\/code> \ub85c Redis \uacf5\uc720 \uc800\uc7a5\uc18c. 23\ud3b8 cluster + 24\ud3b8 Redis \uc758 \uacb0\ud569.\n<\/div>\n\n<h2>4. HTTPS \uac15\uc81c \u2014 production \ud544\uc218<\/h2>\n\n<p>HTTP \ub85c \ube44\ubc00\ubc88\ud638 \ubcf4\ub0b4\uba74 \uce74\ud398 \uc640\uc774\ud30c\uc774\uc5d0\uc11c \ub3c4\uccad. <strong>production \uc740 \ubb34\uc870\uac74 HTTPS<\/strong>. Vercel\u00b7Cloudflare \uac19\uc740 \ud638\uc2a4\ud305\uc740 \uc790\ub3d9, \uc790\uccb4 \uc11c\ubc84\ub294 nginx + Let&#8217;s Encrypt.<\/p>\n\n<p>\uadf8\ub798\ub3c4 \ub204\uac00 HTTP \ub85c \uc811\uc18d\ud558\uba74 \u2014 \ub9ac\ub514\ub809\ud2b8:<\/p>\n\n<div class=\"code-block\">\/\/ \ud504\ub85d\uc2dc \ub4a4\uc5d0\uc11c (Vercel\u00b7nginx \uc77c\ubc18)\napp.set(&#8216;trust proxy&#8217;, 1);\n\napp.use((req, res, next) =&gt; {\n  if (\n    process.env.NODE_ENV === &#8216;production&#8217; &#038;&#038;\n    req.headers[&#8216;x-forwarded-proto&#8217;] !== &#8216;https&#8217;\n  ) {\n    return res.redirect(301, `https:\/\/${req.hostname}${req.url}`);\n  }\n  next();\n});<\/div>\n\n<p>helmet \uc758 <code>Strict-Transport-Security<\/code> \uac00 \uac19\uc774 \ucf1c\uc838 \uc788\uc5b4\uc57c \uc9c4\uc815\ud55c HTTPS \uac15\uc81c \u2014 \ud55c \ubc88 https \uc811\uc18d\ud55c \ube0c\ub77c\uc6b0\uc800\uac00 \uadf8 \ub3c4\uba54\uc778\uc744 \uc601\uc6d0\ud788 https \ub85c\ub9cc \uae30\uc5b5.<\/p>\n\n<h2>5. \ud1b5\ud569 \ud45c\uc900 \uc138\ud305<\/h2>\n\n<p>\uc2e4\uc804 production \uc11c\ubc84\uc758 \uc2dc\uc791 \ubd80\ubd84 \u2014 \ud55c \ubaa8\ub4c8\ub85c \ubb36\uc5b4\ub460.<\/p>\n\n<div class=\"code-block\">\/\/ security.js\nimport helmet from &#8216;helmet&#8217;;\nimport cors from &#8216;cors&#8217;;\nimport rateLimit from &#8216;express-rate-limit&#8217;;\n\nexport function applySecurity(app, env) {\n  app.set(&#8216;trust proxy&#8217;, 1);\n\n  app.use(helmet({\n    contentSecurityPolicy: env.NODE_ENV === &#8216;production&#8217;,\n  }));\n\n  app.use(cors({\n    origin: env.ALLOWED_ORIGINS.split(&#8216;,&#8217;),\n    credentials: true,\n  }));\n\n  app.use(&#8216;\/api\/&#8217;, rateLimit({\n    windowMs: 15 * 60 * 1000,\n    limit: 100,\n  }));\n\n  app.use(&#8216;\/api\/auth\/&#8217;, rateLimit({\n    windowMs: 15 * 60 * 1000,\n    limit: 5,\n    skipSuccessfulRequests: true,\n  }));\n}\n\n\/\/ server.js\nimport { applySecurity } from &#8216;.\/security.js&#8217;;\napplySecurity(app, env);<\/div>\n\n<p><strong>OWASP Top 10 \uc758 6~7\uac1c<\/strong> \uac00 \uc774 \ud55c \ubaa8\ub4c8\ub85c \uc790\ub3d9 \ucc28\ub2e8. \ub098\uba38\uc9c0(SQL Injection\u00b7XSS\u00b7\uc778\uc99d\u00b7\ubbfc\uac10 \uc815\ubcf4 \ub178\ucd9c \ub4f1)\ub294 \uc55e \ucc55\ud130\ub4e4\uc5d0\uc11c \ucee4\ubc84. \ubcf4\uc548 \uc0ac\uace0 \uc2e0\ubb38\uc5d0 \uc548 \ub098\ub294 \uac8c \uccab \ubaa9\ud45c.<\/p>\n\n<h3>\uc694\uc57d \u2014 24\ud3b8 \uc88c\ud45c<\/h3>\n\n<p>\uc5ec\uae30\uae4c\uc9c0 \uc815\ub9ac. 4\uc885 \ud45c\uc900 \ubc29\uc5b4 \u2014 <strong>helmet<\/strong>(HTTP \ubcf4\uc548 \ud5e4\ub354 12\uc885), <strong>cors<\/strong>(\uba85\uc2dc origin \ubc30\uc5f4, \uc640\uc77c\ub4dc\uce74\ub4dc \uae08\uc9c0), <strong>express-rate-limit<\/strong>(15\ubd84 100\ud68c \uc77c\ubc18, 5\ud68c \uc778\uc99d), <strong>HTTPS \ub9ac\ub514\ub809\ud2b8 + HSTS<\/strong>. <code>applySecurity()<\/code> \ud55c \ubaa8\ub4c8\ub85c \ubb36\uc5b4 production \uc11c\ubc84 \uc2dc\uc791 \uc2dc \uc77c\uad04 \uc801\uc6a9. CSP \ub294 \uac00\uc7a5 \uac15\ub825\ud558\uc9c0\ub9cc \uac00\uc7a5 \uae4c\ub2e4\ub85c\uc6c0. \ub2e4\uc74c \ud3b8(\ub9c8\uc9c0\ub9c9 \ub458 \uc911 \uccab\uc9f8)\uc5d0\uc11c <strong>\ubc30\ud3ec \u2014 PM2\u00b7Docker<\/strong>.<\/p>\n\n<div class=\"cta\">\n<h3>\ub2e4\uc74c \ud3b8 \uc608\uace0 \u2014 \ubc30\ud3ec PM2\u00b7Docker<\/h3>\n<p>PM2 \ud504\ub85c\uc138\uc2a4 \ub9e4\ub2c8\uc800, Docker \ucee8\ud14c\uc774\ub108\ud654. 25\ud3b8.<\/p>\n<\/div>\n\n<div class=\"footer-nav\">\n\uc2dc\ub9ac\uc988 \u00b7 <a href=\"https:\/\/junai.ai\/blog\/category\/nodejs\/\">\uc27d\uac8c \ubc30\uc6b0\ub294 Node.js<\/a> \u00b7 \uc774\uc804: <a href=\"https:\/\/junai.ai\/blog\/nodejs-cluster-worker-23\/\">Ch.23 cluster\u00b7worker<\/a>\n<\/div>\n\n<\/article>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Express \ubcf4\uc548 \u2014 helmet HTTP \ud5e4\ub354\u00b7cors origin\u00b7rate-limit\u00b7HTTPS \uac15\uc81c. \ud55c \uc904\uc529 \ud45c\uc900 \ubc29\uc5b4. \uad50\uc7ac 24\ud3b8.<\/p>\n","protected":false},"author":1,"featured_media":862,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[24],"tags":[],"class_list":["post-916","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-nodejs"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/junai.ai\/blog\/wp-json\/wp\/v2\/posts\/916","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/junai.ai\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/junai.ai\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/junai.ai\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/junai.ai\/blog\/wp-json\/wp\/v2\/comments?post=916"}],"version-history":[{"count":0,"href":"https:\/\/junai.ai\/blog\/wp-json\/wp\/v2\/posts\/916\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/junai.ai\/blog\/wp-json\/wp\/v2\/media\/862"}],"wp:attachment":[{"href":"https:\/\/junai.ai\/blog\/wp-json\/wp\/v2\/media?parent=916"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/junai.ai\/blog\/wp-json\/wp\/v2\/categories?post=916"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/junai.ai\/blog\/wp-json\/wp\/v2\/tags?post=916"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}