Fragen mit folgendem Schlagwort anzeigen: Alle Fragen anzeigen
  • Gelöst

Content-Security-Policy: frame-ancestors doesn't work

As mentioned here https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors, CSP: frame-ancestors is supported from Firefox 33. Ho… (Lesen Sie mehr)

As mentioned here https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors, CSP: frame-ancestors is supported from Firefox 33. However, it seems doesn't work.

I am trying to embed a 3-party site into our page using an iframe. The 3-party site did whitelist us using these headers - Content-Security-Policy: frame-ancestors 'self' https://*.ourdomain.com - X-Frame-Options: SAMEORIGIN

It works fine on Chrome, but not Firefox. I am using Firefox 79.

Is there anything wrong with our headers?

Thank you!

Gefragt von vinh.vu vor 1 Monat

Beantwortet von vinh.vu vor 1 Monat

  • Gelöst
  • Archiviert

document.cookie doesn't work for https://httpbin.org/cookies site in Firefox

I am using `Firefox 73.0.1 (64-bit)` Windows7. `document.cookie = "name=value"` can't add new cookie in Firefox for this site `https://httpbin.org/cookies` but Chrome doe… (Lesen Sie mehr)

I am using `Firefox 73.0.1 (64-bit)` Windows7.

`document.cookie = "name=value"` can't add new cookie in Firefox for this site `https://httpbin.org/cookies` but Chrome does.

I tried with latest Firefox installation with MacOS, it neither add a new cookie.

Could you tell me why? Thanks

Gefragt von TinyFox vor 7 Monaten

Beantwortet von jscher2000 vor 6 Monaten

  • Gelöst
  • Archiviert

Adding a facebook iframe to my page cannot be fixed by using new Content Security Protocol language, how do I get it to show up on my site?

Adding a Facebook iframe to my page cannot be fixed by using new Content Security Protocol language, how do I get it to show up on my site? I have tried to use all the di… (Lesen Sie mehr)

Adding a Facebook iframe to my page cannot be fixed by using new Content Security Protocol language, how do I get it to show up on my site? I have tried to use all the different ways on the CSP language to label the source of the Facebook embed such as frame-ancestors or frame-src, etc. None of the new labels seem to work.

In addition, I have tried changing the configuration on my Browser to active_content -- that did not work. Plus, it would not solve the issue for visitors who do not have their own configurations changes on the default settings of their browser.

I read something about people editing the configuration of their server in the x-frame options. Is that any good, will that do anything? I am hesitant to start editing my server if the changes in the CSP code is supposed to make the embed show up directly in the site. That is preferable to changing the site server.

Please help here. Thank you.

Gefragt von faithdwsn vor 6 Monaten

Beantwortet von jscher2000 vor 6 Monaten

  • Archiviert

error after entering Credit card OTP - An error occurred during a connection to acs7.enstage-sas.com.

Trying to use my Kotak bank credit card online to pay some bills, after entering OTP and proceeding - error comes up - " Blocked by Content Security Policy An error occur… (Lesen Sie mehr)

Trying to use my Kotak bank credit card online to pay some bills, after entering OTP and proceeding - error comes up - " Blocked by Content Security Policy An error occurred during a connection to acs7.enstage-sas.com. Firefox prevented this page from loading in this way because the page has a content security policy that disallows it. " Screenshot attached, used Chrome it worked ok. This used to work before, i used it about 1 month ago. Let me know how I can help.

Gefragt von robp251 vor 6 Monaten

Letzte Antwort von robp251 vor 5 Monaten