Added relation to XFO header.

w3c · Feb 11, 2014 · 2363528 · 2363528
1 parent 6b4396a
commit 2363528
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/specs/content-security-policy/csp-specification.dev.html b/specs/content-security-policy/csp-specification.dev.html
@@ -1445,6 +1445,11 @@ <h4><code>frame-ancestors</code></h4>
         each ancestor. If any ancestor doesn't match, the load
         is cancelled.</p>
 
+        <p>The <code>frame-ancestors</code> directive <em>obsoletes</em> the
+        <code>X-Frame-Options</code> header.   If a resource has both policies,
+        the <code>frame-ancestors</code> policy SHOULD be enforced and the 
+        <code>X-Frame-Options</code> policy SHOULD be ignored.</p>
+
         <p>When generating a violation report for a <code>frame-ancestors</code> violation,
         the user agent MUST NOT include the value of the embedding ancestor as a
         <code>blocked-uri</code> value unless it is same-origin with the protected resource,