How does Content-Security-Policy work with X-Frame-Options?

Backend · unresolved · 3 · 1320
温柔的废话 2021-02-02 07:08

Does Content-Security-Policy ignore X-Frame-Options, returned by a server, or is X-Frame-Options still primary?

Assuming that I ha

3 answers
  •  Happy的楠姐
    2021-02-02 07:57

    None of your hypotheses are universally true.

    • Chrome ignores X-Frame-Options.
    • Safari 9 and below ignore CSP frame-ancestors.
    • Safari 10-12 respect the CSP frame-ancestors directive, but prioritize X-Frame-Options if both are specified.

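An added example, not part of the original thread: since browsers disagree on which of the two headers wins, a defender's practical move is to emit them only in agreement and to flag responses where they conflict. The helper names and the sample header values are constructed for illustration.

```python
"""Keep X-Frame-Options and CSP frame-ancestors in agreement, so the framing
policy is the same whichever header a given browser decides to honour."""

# Constructed mapping of the two X-Frame-Options values that have an exact
# frame-ancestors equivalent (ALLOW-FROM is obsolete and deliberately absent).
XFO_TO_CSP = {"DENY": ["'none'"], "SAMEORIGIN": ["'self'"]}


def parse_frame_ancestors(csp_value):
    """Return the source list of the frame-ancestors directive, or None if absent."""
    for directive in csp_value.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]]
    return None


def check_framing_headers(headers):
    """Return findings (empty list = consistent) for a response's framing headers.
    Header names are matched case-insensitively; only one CSP header is read."""
    h = {k.lower(): v for k, v in headers.items()}
    xfo = h.get("x-frame-options", "").strip().upper() or None
    ancestors = parse_frame_ancestors(h.get("content-security-policy", ""))
    if xfo is None and ancestors is None:
        return ["no framing restriction: any origin may frame this response"]
    if ancestors is None:
        return ["X-Frame-Options only: add a matching frame-ancestors directive"]
    if xfo is None:
        return ["frame-ancestors only: add a matching X-Frame-Options for "
                "browsers that ignore CSP frame-ancestors"]
    expected = XFO_TO_CSP.get(xfo)
    if expected is None:
        return [f"unsupported X-Frame-Options value {xfo!r}"]
    if ancestors != expected:
        return [f"conflict: X-Frame-Options {xfo} vs frame-ancestors "
                f"{' '.join(ancestors)}; browsers differ on which header wins"]
    return []


def framing_headers(allow_self):
    """Build a consistent header pair: allow_self=False forbids all framing,
    True permits same-origin framing only. Policies that allow other hosts
    have no X-Frame-Options equivalent and are not produced here."""
    xfo = "SAMEORIGIN" if allow_self else "DENY"
    return {
        "X-Frame-Options": xfo,
        "Content-Security-Policy": "frame-ancestors " + " ".join(XFO_TO_CSP[xfo]),
    }
```

Run `check_framing_headers` over captured responses to spot pages where the two headers disagree, and use `framing_headers` when generating them so the disagreement never arises.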