CSP Plugin

3 months 1 week ago #34164 by trogladyte
CSP Plugin was created by trogladyte
The SEO guy working on www.loveandcarehvac.com contacted me saying he can't get a frame to work. When I looked at the settings in the plugin (after doing an inspect on the page www.loveandcarehvac.com/frame which I was using to test with) I see that I had, incorrectly, set x-frame-options to samesite. I changed it to OFF, but the problem persisted. I disabled the plugin, then deleted and reinstalled it. The problem persists.

I have cleared my cache, but it won't work. I don't think I have any other extension that's doing it. Any thoughts? Thanks.

2 months 3 weeks ago #34187 by michael
Replied by michael on topic CSP Plugin
I think you're misunderstanding how X-Frame-Options is used.

developer.mozilla.org/en-US/docs/Web/HTT...ders/X-Frame-Options

It doesn't determine what frames can be displayed on your site (that's the CSP frame-src setting), it determines which sites can display your site in an iframe.

So, if you take a look at headers sent by www.google.com - they set the X-Frame-Options to samesite, meaning browsers should reject embedding this URL into a frame.

It isn't you, it's Google.

Try embedding something from your own site for testing and I think you'll find that it works fine.

Michael :)
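
The two independent checks described in the reply above, as an added example that is not part of the original post or the plugin's code: the embedding page's CSP `frame-src` decides which frames that page may load, while the framed response's `X-Frame-Options` (or CSP `frame-ancestors`) decides who may embed it. The function names and the `.example` origins in the test data are hypothetical, and source matching is simplified to `'self'`, `'none'`, `*` and exact origins.

```javascript
// Simplified model of the two browser checks applied to an <iframe>.
// Not a full CSP parser: one policy per response, exact-origin sources only.

const originOf = (url) => new URL(url).origin;

// Return the source list of the first listed directive that is present, else null.
function directive(csp, names) {
  const table = new Map();
  for (const part of (csp || "").split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name && !table.has(name.toLowerCase())) table.set(name.toLowerCase(), sources);
  }
  for (const n of names) if (table.has(n)) return table.get(n);
  return null;
}

// Does `target` match a source list from a policy delivered by origin `self`?
function matches(sources, self, target) {
  return sources.some((s) => {
    if (s === "'none'") return false;
    if (s === "*") return true;
    if (s === "'self'") return target === self;
    try { return new URL(s).origin === target; } catch { return false; }
  });
}

// Header objects use lower-case keys. Returns who, if anyone, blocks the frame.
function whoBlocksFrame(parentUrl, parentHeaders, frameUrl, frameHeaders) {
  const parent = originOf(parentUrl), frame = originOf(frameUrl);

  // 1. Embedding page's policy: which frames may this page load?
  const frameSrc = directive(parentHeaders["content-security-policy"],
                             ["frame-src", "child-src", "default-src"]);
  if (frameSrc && !matches(frameSrc, parent, frame)) return "blocked-by-embedding-page";

  // 2. Framed response's policy: who may embed that URL?
  const ancestors = directive(frameHeaders["content-security-policy"], ["frame-ancestors"]);
  if (ancestors) { // frame-ancestors, when present, replaces X-Frame-Options
    return matches(ancestors, frame, parent) ? "allowed" : "blocked-by-framed-site";
  }
  const xfo = (frameHeaders["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY" || (xfo === "SAMEORIGIN" && parent !== frame)) return "blocked-by-framed-site";
  return "allowed";
}
```

Changing the embedding site's own `X-Frame-Options` never alters the result of step 2, because that header is read from the framed response, not from the page that contains the iframe.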


2 months 2 weeks ago #34188 by trogladyte
Replied by trogladyte on topic CSP Plugin
Ah, thank you Michael. You're right, I really didn't understand - that's the problem with someone like me who knows just enough to be dangerous! Appreciate the response.
