Отображение вопросов с тегом: Показать все вопросы
  • Решено
  • Архивировано

Adding a facebook iframe to my page cannot be fixed by using new Content Security Protocol language, how do I get it to show up on my site?

Adding a Facebook iframe to my page cannot be fixed by using new Content Security Protocol language, how do I get it to show up on my site? I have tried to use all the di… (читать ещё)

Adding a Facebook iframe to my page cannot be fixed by using new Content Security Protocol language, how do I get it to show up on my site? I have tried to use all the different ways on the CSP language to label the source of the Facebook embed such as frame-ancestors or frame-src, etc. None of the new labels seem to work.

In addition, I have tried changing the configuration on my Browser to active_content -- that did not work. Plus, it would not solve the issue for visitors who do not have their own configurations changes on the default settings of their browser.

I read something about people editing the configuration of their server in the x-frame options. Is that any good, will that do anything? I am hesitant to start editing my server if the changes in the CSP code is supposed to make the embed show up directly in the site. That is preferable to changing the site server.

Please help here. Thank you.

Задан faithdwsn 1 год назад

Дан ответ jscher2000 1 год назад

  • Решено
  • Архивировано

Content-Security-Policy: frame-ancestors doesn't work

As mentioned here https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors, CSP: frame-ancestors is supported from Firefox 33. Ho… (читать ещё)

As mentioned here https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors, CSP: frame-ancestors is supported from Firefox 33. However, it seems doesn't work.

I am trying to embed a 3-party site into our page using an iframe. The 3-party site did whitelist us using these headers - Content-Security-Policy: frame-ancestors 'self' https://*.ourdomain.com - X-Frame-Options: SAMEORIGIN

It works fine on Chrome, but not Firefox. I am using Firefox 79.

Is there anything wrong with our headers?

Thank you!

Задан vinh.vu 1 год назад

Дан ответ vinh.vu 1 год назад

  • Решено
  • Архивировано

document.cookie doesn't work for https://httpbin.org/cookies site in Firefox

I am using `Firefox 73.0.1 (64-bit)` Windows7. `document.cookie = "name=value"` can't add new cookie in Firefox for this site `https://httpbin.org/cookies` but Chrome doe… (читать ещё)

I am using `Firefox 73.0.1 (64-bit)` Windows7.

`document.cookie = "name=value"` can't add new cookie in Firefox for this site `https://httpbin.org/cookies` but Chrome does.

I tried with latest Firefox installation with MacOS, it neither add a new cookie.

Could you tell me why? Thanks

Задан TinyFox 1 год назад

Дан ответ jscher2000 1 год назад