Windows 10 reached EOS (end of support) on October 14, 2025. For more information, see this article.

Avatar for Username

Sykje yn Support

Mij stipescams. Wy sille jo nea freegje in telefoannûmer te beljen, der in sms nei ta te stjoeren of persoanlike gegevens te dielen. Meld fertochte aktiviteit mei de opsje ‘Misbrûk melde’.

Mear ynfo

Dizze konversaasje is argivearre. Stel in nije fraach as jo help nedich hawwe.

Content-Security-Policy: frame-ancestors doesn't work

  • 1 antwurd
  • 1 hat dit probleem
  • 145 werjeftes
  • Lêste antwurd fan vinh.vu

vinh.vu
vinh.vu
mear opsjes

As mentioned here https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors, CSP: frame-ancestors is supported from Firefox 33. However, it seems doesn't work.

I am trying to embed a 3-party site into our page using an iframe. The 3-party site did whitelist us using these headers - Content-Security-Policy: frame-ancestors 'self' https://*.ourdomain.com - X-Frame-Options: SAMEORIGIN

It works fine on Chrome, but not Firefox. I am using Firefox 79.

Is there anything wrong with our headers?

Thank you!

As mentioned here https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors, CSP: frame-ancestors is supported from Firefox 33. However, it seems doesn't work. I am trying to embed a 3-party site into our page using an iframe. The 3-party site did whitelist us using these headers - Content-Security-Policy: frame-ancestors 'self' https://*.ourdomain.com - X-Frame-Options: SAMEORIGIN It works fine on Chrome, but not Firefox. I am using Firefox 79. Is there anything wrong with our headers? Thank you!

Keazen oplossing

There is a bug with nested iframe https://bugzilla.mozilla.org/show_bug.cgi?id=1404438

Dit antwurd yn kontekst lêze 👍 0

Alle antwurden (1)

vinh.vu
vinh.vu Fraacheigener
mear opsjes

Keazen oplossing

There is a bug with nested iframe https://bugzilla.mozilla.org/show_bug.cgi?id=1404438