THANK YOU for this great extension! I'm no programmer, though I can cut and paste with the best of them!!! I only discovered CPS and all it's attendant extras within the last week (I'm ashamed to say), and have been reading and reading, trying to get a handle on stuff. And then trying to implement my own CPS on various sites without luck (usually breaking them! LOL!!).
I thought if I set up a CPS, it would fix an issue I have with just one particular site -
(actually just this one page). It has a ministry scheduler iframed into the page (see the big, white expanse at the bottom!). An Inspect | Console shows this error:
This is what got me started. So I added your plugin, scored an A (only Feature Policy is outstandign as I have no clue what to do with that!)
, yet this error (and failed iframe) persists. I hate frames, but the company that provides this scheduler offers no way to get it into a website other than framing and the client is invested in it.
So, finally, my question. Is this something that the CSP on my client's site can fix, or is it something that Rotunda Software has implemented which is stopping framing? If the former, what do I need to implement in the plugin to fix it? Thanks again. JED review coming!
Feature Policy is relatively new, but my extension supports it. Look in the configuration for the "Feature Policy" tab. You'll need to select which feature is to be enabled. You can enable as many as you wish, there are 13 features total.
Scanning richeyweb.com on securityheaders.io you'll see that my site passes the Feature Policy test.