We add a content security policy on our sites to prevent the use of external IFrames sources other than ours.
We use .NET and for this we do the following in our web.config.
<add name = "Content-Security-Policy" value = "frame-ancestors 'self' http: //*.ourwebsite1.com http: //*.ourwebsite2.com http: //*.ourwebsite3.com https: / /*.ourwebsite1.com https: //*.ourwebsite2.com https: //*.ourwebsite3.com "/>
It works fine in IE and Chrome, but in Firefox (latest version) we get a message that it is blocked by the content security policy. I know that it is only supported in Firefox 23+, but we all use the latest version.
Any ideas?
source
share