Closed Bug 1343934 Opened 7 years ago Closed 7 years ago

x-frame-options should be ignored if CSP frame-ancestors directive is present

Tracking

()

Status:

RESOLVED DUPLICATE of bug 1024557

People

(Reporter: bkelly, Unassigned)

Details

Ben Kelly [:bkelly, not reviewing]

Reporter

Description

•

7 years ago

Spec for CSP v2:

https://www.w3.org/TR/CSP2/#frame-ancestors-and-frame-options

Test from blink repo that could be upstreams:

https://cs.chromium.org/chromium/src/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-overrides-xfo.html?sq=package:chromium&q=frame-ancestors-and-x-frame&l=11

Daniel Veditz [:dveditz]

Updated

•

7 years ago

Status: NEW → RESOLVED

Closed: 7 years ago

Resolution: --- → DUPLICATE

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

x-frame-options should be ignored if CSP frame-ancestors directive is present

Categories

(Core :: DOM: Security, defect)

Tracking

()

People

(Reporter: bkelly, Unassigned)

References

Details

Crash Data

Security

(public)

User Story

Description

Updated