Avatar for Username

Caută ajutor

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Află mai multe

Acest fir de discuție a fost arhivat. Adresează o întrebare nouă dacă ai nevoie de ajutor.

Content-Security-Policy: frame-ancestors doesn't work

  • 1 răspuns
  • 1 are această problemă
  • 1 vizualizare
  • Ultimul răspuns de vinh.vu

vinh.vu
vinh.vu
more options

As mentioned here https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors, CSP: frame-ancestors is supported from Firefox 33. However, it seems doesn't work.

I am trying to embed a 3-party site into our page using an iframe. The 3-party site did whitelist us using these headers - Content-Security-Policy: frame-ancestors 'self' https://*.ourdomain.com - X-Frame-Options: SAMEORIGIN

It works fine on Chrome, but not Firefox. I am using Firefox 79.

Is there anything wrong with our headers?

Thank you!

As mentioned here https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors, CSP: frame-ancestors is supported from Firefox 33. However, it seems doesn't work. I am trying to embed a 3-party site into our page using an iframe. The 3-party site did whitelist us using these headers - Content-Security-Policy: frame-ancestors 'self' https://*.ourdomain.com - X-Frame-Options: SAMEORIGIN It works fine on Chrome, but not Firefox. I am using Firefox 79. Is there anything wrong with our headers? Thank you!

Soluție aleasă

There is a bug with nested iframe https://bugzilla.mozilla.org/show_bug.cgi?id=1404438

Citește acest răspuns în context 👍 0

Toate răspunsurile (1)

vinh.vu
vinh.vu Deținătorul întrebării
more options

Soluție aleasă

There is a bug with nested iframe https://bugzilla.mozilla.org/show_bug.cgi?id=1404438