发表新帖
发表新帖

Content Security Policy directive: "frame-ancestors 'self'

前端 未结
关注
2 1982
眼角桃花
眼角桃花 2020-12-31 00:46

I am embedding an iFrame in my web page, something like this:

var iframeProps = {
        \'data-type\': self.props.type,
        allowTransparency: self.pro
2条回答
  • 时光取名叫无心
    时光取名叫无心 (楼主)
    2020-12-31 00:55

    The content is prohibited from being displayed within an IFRAME due the Content Security Policy being set. The webserver hosting twitter.com is configured to add a HTTP header to the response object. Specifically they are setting the Content-Security-Policy tag to frame-ancestors 'self'. There is no way you'll be able to embed their pages into a page of your own using IFRAME. There are other techniques that you could use to work around that, but none are as simple as an iframe tag.

    W3C Content Security Policy Level 3 - Frame Ancestors

    0 讨论(0)
 看不清?
提交回复
热议问题