Windows 10 will reach EOS (end of support) on October 14, 2025. For more information, see this article.

Avatar for Username

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Denc nañu waxtaan wii. Yónneel yeneen laaj soo soxlaa ndimbal.

Content-Security-Policy: frame-ancestors doesn't work

  • 1 tontu
  • 1 am na jafe-jafe bii
  • 151 views
  • i mujjee tontu mooy vinh.vu

vinh.vu
vinh.vu
more options

As mentioned here https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors, CSP: frame-ancestors is supported from Firefox 33. However, it seems doesn't work.

I am trying to embed a 3-party site into our page using an iframe. The 3-party site did whitelist us using these headers - Content-Security-Policy: frame-ancestors 'self' https://*.ourdomain.com - X-Frame-Options: SAMEORIGIN

It works fine on Chrome, but not Firefox. I am using Firefox 79.

Is there anything wrong with our headers?

Thank you!

As mentioned here https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors, CSP: frame-ancestors is supported from Firefox 33. However, it seems doesn't work. I am trying to embed a 3-party site into our page using an iframe. The 3-party site did whitelist us using these headers - Content-Security-Policy: frame-ancestors 'self' https://*.ourdomain.com - X-Frame-Options: SAMEORIGIN It works fine on Chrome, but not Firefox. I am using Firefox 79. Is there anything wrong with our headers? Thank you!

Saafara biñ tànn

There is a bug with nested iframe https://bugzilla.mozilla.org/show_bug.cgi?id=1404438

Jàng tontu lii ci fi mu bokk 👍 0

All Replies (1)

vinh.vu
vinh.vu Ki laajte
more options

Saafara yiñ Tànn

There is a bug with nested iframe https://bugzilla.mozilla.org/show_bug.cgi?id=1404438