Uploaded image for project: 'Zeppelin'
  1. Zeppelin
  2. ZEPPELIN-3714

Add header option for Content-Security-Policy

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Open
    • Critical
    • Resolution: Unresolved
    • 0.7.3
    • 0.9.0
    • conf
    • None
    • Important

    Description

      Chrome doesn't support ALLOWED-FROM on X-Frame-Origins header which can cause troubles when Zeppelin is embedded in an app as an iframe. Adding this as an option solves the problem for allowed origins on Chrome, but will also not interferer with IE/Edge support.

      Source: https://www.keycdn.com/blog/x-frame-options/#3-ALLOW-FROM-uriDirective

      Attachments

        Issue Links

          links to

          Web Link GitHub Pull Request #3141

          Activity

            People

              Unassigned Unassigned
              djthomps Dennis Thompson
              Votes:
              1 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated: