Avatar for Username

Pesquisar no apoio

Evite burlas no apoio. Nunca iremos solicitar que telefone ou envie uma mensagem de texto para um número de telefone ou que partilhe informações pessoais. Por favor, reporte atividades suspeitas utilizando a opção "Reportar abuso".

Saber mais

Esta discussão foi arquivada. Se precisar de ajuda, por favor, coloque uma nova questão.

Content-Security-Policy: frame-ancestors doesn't work

  • 1 resposta
  • 1 tem este problema
  • 1 visualização
  • Última resposta por vinh.vu

vinh.vu
vinh.vu
more options

As mentioned here https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors, CSP: frame-ancestors is supported from Firefox 33. However, it seems doesn't work.

I am trying to embed a 3-party site into our page using an iframe. The 3-party site did whitelist us using these headers - Content-Security-Policy: frame-ancestors 'self' https://*.ourdomain.com - X-Frame-Options: SAMEORIGIN

It works fine on Chrome, but not Firefox. I am using Firefox 79.

Is there anything wrong with our headers?

Thank you!

As mentioned here https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors, CSP: frame-ancestors is supported from Firefox 33. However, it seems doesn't work. I am trying to embed a 3-party site into our page using an iframe. The 3-party site did whitelist us using these headers - Content-Security-Policy: frame-ancestors 'self' https://*.ourdomain.com - X-Frame-Options: SAMEORIGIN It works fine on Chrome, but not Firefox. I am using Firefox 79. Is there anything wrong with our headers? Thank you!

Solução escolhida

There is a bug with nested iframe https://bugzilla.mozilla.org/show_bug.cgi?id=1404438

Ler esta resposta no contexto 👍 0

Todas as respostas (1)

vinh.vu
vinh.vu Proprietário da pergunta
more options

Solução escolhida

There is a bug with nested iframe https://bugzilla.mozilla.org/show_bug.cgi?id=1404438