Release 2.4.1-dh: :bug: [DH#606] Update CSP frame-ancestors directive · open-formulieren/open-forms

2.4.1-dh
a46dee1
Unverified

This commit is not signed, but one or more authors requires that any commit attributed to them is signed.

Learn about vigilant mode
Choose a tag to compare

Filter

View all tags

2.4.1-dh: :bug: [DH#606] Update CSP frame-ancestors directive

2.4.1-dh
a46dee1
Choose a tag to compare

Filter

View all tags
Unverified

This commit is not signed, but one or more authors requires that any commit attributed to them is signed.

Learn about vigilant mode

sergei-maertens tagged this 28 Nov 15:47

The configuration of CSP frame-ancestors conflicted with the X-Frame-
Options header configuration (set to DENY). We do not support using
frames of any kind (frame, iframe, object, embed) and thus
X_FRAME_OPTIONS is set to DENY. This results in the X-Frame-Options
HTTP response header, which is obsoleted by the Content Security
Policy frame-ancestors directive. The equivalent configuration to block
all frames is to set it to 'none' rather than 'self'.

For more context, see:

* https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors
* https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors

Backport-of: #3635

Assets 2

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Choose a tag to compare

Sorry, something went wrong.

Sorry, something went wrong.

Uh oh!

No results found

Choose a tag to compare

Sorry, something went wrong.

Sorry, something went wrong.

Uh oh!

No results found

Uh oh!