Content Security Policy – Replace frame-src (deprecated) with child-src

  • Resolved felxb

    (@felxb)


    6 years, 3 months ago

    Hi,

    Thanks for the wonderful plugin.

    Content Security Policy “frame-src” being deprecated in favour of “child-src” you might want to update the functionality to be found under “Content Security Policy” section of “Browser Cache” admin page.

    Hopefully you can fix this in a future release.

    Best,

    The page I need help with: [log in to see the link]

Viewing 1 replies (of 1 total)
  • Plugin Contributor Marko Vasiljevic

    (@vmarko)

    6 years, 3 months ago

    Hello @felxb

    Thank you for your suggestion.
    The frame-src directive was deprecated in Content-Security-Policy level 2 in favor of child-src (which was introduced in level2). It was then undeprecated in level 3 to replace child-src again (although child-src is still available and not deprecated.
    child-src
    Defines the valid sources for web workers and nested browsing contexts loaded using elements such as <frame> and <iframe>.
    Instead of child-src, authors who wish to regulate nested browsing contexts and workers should use the frame-src and worker-src directives, respectively.
    Thank you!

Viewing 1 replies (of 1 total)

The topic ‘Content Security Policy – Replace frame-src (deprecated) with child-src’ is closed to new replies.

Tags