Avatar for Username

Søg i Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Læs mere

Denne tråd blev arkiveret. Stil et nyt spørgsmål, hvis du har brug for hjælp.

Content-Security-Policy: frame-ancestors doesn't work

  • 1 svar
  • 1 har dette problem
  • 179 visninger
  • Seneste svar af vinh.vu

vinh.vu
vinh.vu
more options

As mentioned here https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors, CSP: frame-ancestors is supported from Firefox 33. However, it seems doesn't work.

I am trying to embed a 3-party site into our page using an iframe. The 3-party site did whitelist us using these headers - Content-Security-Policy: frame-ancestors 'self' https://*.ourdomain.com - X-Frame-Options: SAMEORIGIN

It works fine on Chrome, but not Firefox. I am using Firefox 79.

Is there anything wrong with our headers?

Thank you!

As mentioned here https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors, CSP: frame-ancestors is supported from Firefox 33. However, it seems doesn't work. I am trying to embed a 3-party site into our page using an iframe. The 3-party site did whitelist us using these headers - Content-Security-Policy: frame-ancestors 'self' https://*.ourdomain.com - X-Frame-Options: SAMEORIGIN It works fine on Chrome, but not Firefox. I am using Firefox 79. Is there anything wrong with our headers? Thank you!

Valgt løsning

There is a bug with nested iframe https://bugzilla.mozilla.org/show_bug.cgi?id=1404438

Læs dette svar i sammenhæng 👍 0

Alle svar (1)

vinh.vu
vinh.vu Spørgsmålsstiller
more options

Valgt løsning

There is a bug with nested iframe https://bugzilla.mozilla.org/show_bug.cgi?id=1404438