html – How to allow external sources in an iframe with a local .htaccess file?-ThrowExceptions

Exception or error:

My .htaccess file in the directory:

Header always set Content-Security-Policy "frame-src 'self' https://xxxx.de; frame-ancestors 'self' https://xxxx.de"

My iframe:

<iframe style="border: 0; position:fixed; top:0; left:0; right:0; bottom:0; width:100%; height:100%;" src="https://xxxx.de/test.html"></iframe>

But the browser says that “Content Security Policy” blocks the website from loading external content. How can I fix this?

How to solve:

There are 2 ways to use Content Security Policy:

1.Either set exact domain path.

2.Set matching domain pattern.

For example 1:

Header always set Content-Security-Policy "frame-src 'self' 
https://xxxx.de/test.html; frame-ancestors 'self' https://xxxx.de/test.html"

For example 2:

Header always set Content-Security-Policy "frame-src 'self' 
https://xxxx.de/*; frame-ancestors 'self' https://xxxx.de/*"

Leave a Reply

Your email address will not be published. Required fields are marked *