Avatar for Username

Zoeken in Support

Vermijd ondersteuningsscams. We zullen u nooit vragen een telefoonnummer te bellen, er een sms naar te sturen of persoonlijke gegevens te delen. Meld verdachte activiteit met de optie ‘Misbruik melden’.

Learn More

Deze conversatie is gearchiveerd. Stel een nieuwe vraag als u hulp nodig hebt.

Content-Security-Policy: frame-ancestors doesn't work

  • 1 antwoord
  • 1 heeft dit probleem
  • 295 weergaven
  • Laatste antwoord van vinh.vu

vinh.vu
vinh.vu
more options

As mentioned here https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors, CSP: frame-ancestors is supported from Firefox 33. However, it seems doesn't work.

I am trying to embed a 3-party site into our page using an iframe. The 3-party site did whitelist us using these headers - Content-Security-Policy: frame-ancestors 'self' https://*.ourdomain.com - X-Frame-Options: SAMEORIGIN

It works fine on Chrome, but not Firefox. I am using Firefox 79.

Is there anything wrong with our headers?

Thank you!

As mentioned here https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors, CSP: frame-ancestors is supported from Firefox 33. However, it seems doesn't work. I am trying to embed a 3-party site into our page using an iframe. The 3-party site did whitelist us using these headers - Content-Security-Policy: frame-ancestors 'self' https://*.ourdomain.com - X-Frame-Options: SAMEORIGIN It works fine on Chrome, but not Firefox. I am using Firefox 79. Is there anything wrong with our headers? Thank you!

Gekozen oplossing

There is a bug with nested iframe https://bugzilla.mozilla.org/show_bug.cgi?id=1404438

Dit antwoord in context lezen 👍 0

Alle antwoorden (1)

vinh.vu
vinh.vu Vraageigenaar
more options

Gekozen oplossing

There is a bug with nested iframe https://bugzilla.mozilla.org/show_bug.cgi?id=1404438