ZEPPELIN-3714: Add header option for Content-Security-Policy

    Details

    • Type: Bug
    • Status: Open
    • Priority: Critical
    • Resolution: Unresolved
    • Affects Version/s: 0.7.3
    • Fix Version/s: 0.9.0
    • Component/s: conf
    • Labels:
      None
    • Flags:
      Important

      Description

      Chrome doesn't support ALLOWED-FROM on X-Frame-Origins header which can cause troubles when Zeppelin is embedded in an app as an iframe. Adding this as an option solves the problem for allowed origins on Chrome, but will also not interfere with IE/Edge support.

      Source: https://www.keycdn.com/blog/x-frame-options/#3-ALLOW-FROM-uriDirective
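
An added example, not part of the original issue and not Zeppelin code: one way a server could derive both framing headers from a single list of allowed parent origins, so that browsers ignoring `ALLOW-FROM` still get an equivalent `Content-Security-Policy: frame-ancestors` policy. The function names and the choice to reject wildcard hosts are assumptions made for this sketch.

```python
from urllib.parse import urlsplit

# Characters that would let a configured value break out of the header or
# inject extra CSP directives; "*" is rejected so wildcards are never emitted.
_ILLEGAL = set("\r\n\t ;,*")


def normalize_origin(origin: str) -> str:
    """Return scheme://host[:port] or raise ValueError for anything else."""
    if _ILLEGAL & set(origin):
        raise ValueError(f"illegal character in origin: {origin!r}")
    parts = urlsplit(origin)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"not an http(s) origin: {origin!r}")
    if "@" in parts.netloc or parts.path not in ("", "/") or parts.query or parts.fragment:
        raise ValueError(f"origin must be scheme://host[:port] only: {origin!r}")
    parts.port  # property access raises ValueError on a malformed port
    return f"{parts.scheme}://{parts.netloc.lower()}"


def framing_headers(allowed_origins):
    """Build the X-Frame-Options / Content-Security-Policy header pair."""
    origins = [normalize_origin(o) for o in allowed_origins]
    if not origins:
        # No embedding parent configured: only same-origin framing is allowed.
        return {
            "X-Frame-Options": "SAMEORIGIN",
            "Content-Security-Policy": "frame-ancestors 'self'",
        }
    return {
        # ALLOW-FROM accepts exactly one URI, so only the first origin can be
        # expressed for browsers that rely on this header.
        "X-Frame-Options": f"ALLOW-FROM {origins[0]}",
        # frame-ancestors accepts the full list and takes precedence over
        # X-Frame-Options in browsers that implement it.
        "Content-Security-Policy": "frame-ancestors " + " ".join(origins),
    }


if __name__ == "__main__":
    # Constructed sample origins for illustration.
    for name, value in framing_headers(
        ["https://App.Example.com/", "https://portal.example.org:8443"]
    ).items():
        print(f"{name}: {value}")
```
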

              People

              • Assignee:
                Unassigned
                Reporter:
                djthomps Dennis Thompson