Zobrazenie otázok označených: Zobraziť všetky otázky
  • Vyriešené

Content-Security-Policy: frame-ancestors doesn't work

As mentioned here https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors, CSP: frame-ancestors is supported from Firefox 33. Ho… (čítať viac)

As mentioned here https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors, CSP: frame-ancestors is supported from Firefox 33. However, it seems doesn't work.

I am trying to embed a 3-party site into our page using an iframe. The 3-party site did whitelist us using these headers - Content-Security-Policy: frame-ancestors 'self' https://*.ourdomain.com - X-Frame-Options: SAMEORIGIN

It works fine on Chrome, but not Firefox. I am using Firefox 79.

Is there anything wrong with our headers?

Thank you!

Otázku položil(a) vinh.vu Pred 3 mesiacmi

Na otázku odpovedal(a) vinh.vu Pred 3 mesiacmi

  • Vyriešené
  • Archivované

Adding a facebook iframe to my page cannot be fixed by using new Content Security Protocol language, how do I get it to show up on my site?

Adding a Facebook iframe to my page cannot be fixed by using new Content Security Protocol language, how do I get it to show up on my site? I have tried to use all the di… (čítať viac)

Adding a Facebook iframe to my page cannot be fixed by using new Content Security Protocol language, how do I get it to show up on my site? I have tried to use all the different ways on the CSP language to label the source of the Facebook embed such as frame-ancestors or frame-src, etc. None of the new labels seem to work.

In addition, I have tried changing the configuration on my Browser to active_content -- that did not work. Plus, it would not solve the issue for visitors who do not have their own configurations changes on the default settings of their browser.

I read something about people editing the configuration of their server in the x-frame options. Is that any good, will that do anything? I am hesitant to start editing my server if the changes in the CSP code is supposed to make the embed show up directly in the site. That is preferable to changing the site server.

Please help here. Thank you.

Otázku položil(a) faithdwsn Pred 8 mesiacmi

Na otázku odpovedal(a) jscher2000 Pred 8 mesiacmi

  • Vyriešené
  • Archivované

document.cookie doesn't work for https://httpbin.org/cookies site in Firefox

I am using `Firefox 73.0.1 (64-bit)` Windows7. `document.cookie = "name=value"` can't add new cookie in Firefox for this site `https://httpbin.org/cookies` but Chrome doe… (čítať viac)

I am using `Firefox 73.0.1 (64-bit)` Windows7.

`document.cookie = "name=value"` can't add new cookie in Firefox for this site `https://httpbin.org/cookies` but Chrome does.

I tried with latest Firefox installation with MacOS, it neither add a new cookie.

Could you tell me why? Thanks

Otázku položil(a) TinyFox Pred 9 mesiacmi

Na otázku odpovedal(a) jscher2000 Pred 9 mesiacmi