[Logo] Enterprise Client Community
  [Search] Search   [Recent Topics] Recent Topics   [Members]  Member Listing   [Groups] Back to home page 
[Register] Register / 
[Login] Login 
Update 20221024 security headers  XML
Forum Index -> Development
Author Message
mreich

Power User
[Avatar]

Joined: 30/01/2009 08:34:23
Messages: 744
Offline

Hi,

it seems that iframe integration stops to work due new headers, maybe you can fix the img-src (you use image-src what's wrong) and at a general iframe-src

like
Code:
content-security-policy="default-src 'self' data: 'unsafe-inline' 'unsafe-eval'; img-src * data:; frame-src * data:"


regards
Markus
[WWW]
CaptainCasa

Power User
[Avatar]

Joined: 21/11/2007 12:23:06
Messages: 5510
Offline

Hi Markus,

yes the wording in the template file is wrong and must be "img-src". The default value that we use internally is correct:

Code:
 default-src 'self' data: 'unsafe-inline' 'unsafe-eval'; img-src * data:


@frame-src: by default "default-src" is used if "frame.src" is not explicitly defined.

Kind regards! Björn

Björn Müller, CaptainCasa GmbH
 
Forum Index -> Development
Go to:   
Powered by JForum 2.1.6 © JForum Team