0

What I tried to do is to embed an iframe into a website and was faced with Content Security Policy. I know this question was asked before, but I couldn’t find any working solution.

Error message: Content security policy: 'x-frame-options' will affect because of 'frame-ancestors' directive.

What I tried so far, using the Apache module “mod_headers”:

  • Header unset X-Frame-Options Header unset Content-Security-Policy
  • Header always set Content-Security-Policy "frame-ancestors 'self';"
  • Header always set X-Frame-Options "SAMEORIGIN"
  • Header always setX-Frame-Options "ALLOW-FROM https://mydomain

Any idea to get iframes embed, though Content security policy?

loxlay
  • 11
  • 3
  • Remove all Header and test using `Header always set Content-Security-Policy "frame-ancestors 'self';"` – Pandurang May 27 '20 at 07:19
  • thanks, I did a test with this, removed all other header and still get: Content security policy: 'x-frame-options' will affect because of 'frame-ancestors' directive. – loxlay May 27 '20 at 13:40
  • where did you observe this error? – Pandurang May 27 '20 at 13:47
  • I got one message in firefox: Firefox prevented this page from loading in this way because the page has a content security policy that disallows it. And one in firebug: Content Security Policy: Ignoring ‘x-frame-options’ because of ‘frame-ancestors’ directive. – loxlay May 28 '20 at 10:48

0 Answers0