Avatar for Username

Mozilla Destek’te Ara

Destek dolandırıcılığından kaçının. Mozilla sizden asla bir telefon numarasını aramanızı, mesaj göndermenizi veya kişisel bilgilerinizi paylaşmanızı istemez. Şüpheli durumları “Kötüye kullanım bildir” seçeneğini kullanarak bildirebilirsiniz.

Learn More

Bu başlık arşivlendi. Yardıma ihtiyacınız varsa lütfen yeni bir soru sorun.

Content-Security-Policy: frame-ancestors doesn't work

  • 1 yanıt
  • 1 kişi bu sorunu yaşıyor
  • 280 gösterim
  • Son yanıtı yazan: vinh.vu

vinh.vu
vinh.vu
more options

As mentioned here https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors, CSP: frame-ancestors is supported from Firefox 33. However, it seems doesn't work.

I am trying to embed a 3-party site into our page using an iframe. The 3-party site did whitelist us using these headers - Content-Security-Policy: frame-ancestors 'self' https://*.ourdomain.com - X-Frame-Options: SAMEORIGIN

It works fine on Chrome, but not Firefox. I am using Firefox 79.

Is there anything wrong with our headers?

Thank you!

As mentioned here https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors, CSP: frame-ancestors is supported from Firefox 33. However, it seems doesn't work. I am trying to embed a 3-party site into our page using an iframe. The 3-party site did whitelist us using these headers - Content-Security-Policy: frame-ancestors 'self' https://*.ourdomain.com - X-Frame-Options: SAMEORIGIN It works fine on Chrome, but not Firefox. I am using Firefox 79. Is there anything wrong with our headers? Thank you!

Seçilen çözüm

There is a bug with nested iframe https://bugzilla.mozilla.org/show_bug.cgi?id=1404438

Bu yanıtı konu içinde okuyun 👍 0

Tüm Yanıtlar (1)

vinh.vu
vinh.vu Sorunun sahibi
more options

Seçilen çözüm

There is a bug with nested iframe https://bugzilla.mozilla.org/show_bug.cgi?id=1404438