We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
On the root path of oCIS, we get two content-security-policy headers. One has a static frame-ancestors 'self' config
content-security-policy
frame-ancestors 'self'
Have one header content-security-policy reflecting my oCIS csp configuration.
The second header seems to be statically set to frame-ancestors 'self' and always there, even if I have a more sophisticated CSP config
The text was updated successfully, but these errors were encountered:
This additional header probably originates here:
ocis/services/web/pkg/middleware/silentrefresh.go
Lines 7 to 13 in a7a10f8
Sorry, something went wrong.
And what it actually does: it takes precedence over the frame-ancestors policy in the first header...
frame-ancestors
No branches or pull requests
Describe the bug
On the root path of oCIS, we get two
content-security-policy
headers. One has a staticframe-ancestors 'self'
configSteps to reproduce
Expected behavior
Have one header
content-security-policy
reflecting my oCIS csp configuration.Actual behavior
Further context
The second header seems to be statically set to
frame-ancestors 'self'
and always there, even if I have a more sophisticated CSP configThe text was updated successfully, but these errors were encountered: