Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update coolwsd.xml.in add concrete link to frame-ancestor #10551

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Update coolwsd.xml.in add concrete link to frame-ancestor #10551

wants to merge 1 commit into from

Conversation

meven
Copy link
Contributor

@meven meven commented Nov 20, 2024

cc @hfiguiere

  • Resolves: #
  • Target version: master

Summary

TODO

  • ...

Checklist

  • I have run make prettier-write and formatted the code.
  • All commits have Change-Id
  • I have run tests with make check
  • I have issued make run and manually verified that everything looks okay
  • Documentation (manuals or wiki) has been updated or is not required

@meven
Copy link
Contributor Author

meven commented Nov 20, 2024

Better to link to https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors

hfiguiere
hfiguiere reviewed Nov 20, 2024
View reviewed changes
coolwsd.xml.in Outdated
@@ -184,7 +184,7 @@
<host desc="Ditto, but as IPv4-mapped IPv6 addresses">::ffff:10\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="Localhost access by name">localhost</host>
</lok_allow>
<content_security_policy desc="Customize the CSP header by specifying one or more policy-directive, separated by semicolons. See w3.org/TR/CSP2"></content_security_policy>
<content_security_policy desc="Customize the CSP header by specifying one or more policy-directive, separated by semicolons. See https://www.w3.org/TR/CSP2/#directive-frame-ancestors"></content_security_policy>
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it allow more than just frame ancestors. Maybe it the next line should include a link to frame-ancestors CSP part of the deprecation.

@hfiguiere
Copy link
Contributor

CI failed because of lack of change-id.

@meven
Update coolwsd.xml.in add concrete link to frame-ancestor
4b2ed66 
Signed-off-by: Méven Car <[email protected]>
Change-Id: I95f186820737c29bb2aa177db3bf07d40188c839
hfiguiere
hfiguiere reviewed Nov 20, 2024
View reviewed changes
coolwsd.xml.in
connect-src 'self' collabora-online-server.local;
frame-src 'self' server-to-inject-iframe-from.xyz;
connect-src 'self' server-to-inject-js-from.io
-->
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

having a frame-ancestors example would help too as it is the main use for it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hfiguiere hfiguiere hfiguiere left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
Collabora Online
Status: To Review
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@meven @hfiguiere