How does Content-Security-Policy work with X-Frame-Options?

温柔的废话 2021-02-02 07:08

Does Content-Security-Policy ignore X-Frame-Options, returned by a server, or is X-Frame-Options still primary?

Assuming that I ha

3 answers
  •  时光取名叫无心
    2021-02-02 07:52

    The answer was found by testing in practice.
    I have created two websites and reproduced the described situation.

    It seems like X-Frame-Options is primary.
    If the target server denies framing, then the client website cannot display this page in an iframe, whichever values of Content-Security-Policy are set.

    However, I haven't found any confirmation in the documentation.

    Tested on Chrome 54 and IE 11.
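
Added example, not part of the answer above: a simplified JavaScript model of the situation the answer tested, in which the embedding page's Content-Security-Policy and the framed response's X-Frame-Options are two separate checks and the frame renders only when both permit it. The function names are illustrative assumptions, and the source matching ignores ports and paths.

```javascript
// Added example: simplified model, not a full CSP source matcher
// (ports and paths in source expressions are ignored).

// Parse a Content-Security-Policy value into { directive: [sources] }.
function parseCsp(header) {
  const policy = {};
  for (const part of (header || "").split(";")) {
    const [name, ...sources] = part.trim().toLowerCase().split(/\s+/);
    // The first occurrence of a directive wins; later duplicates are ignored.
    if (name && !(name in policy)) policy[name] = sources;
  }
  return policy;
}

// Check 1, embedding page: may it load frameUrl in an iframe?
// frame-src falls back to child-src, then default-src; no directive = allowed.
function embedderAllows(embedderCsp, embedderOrigin, frameUrl) {
  const p = parseCsp(embedderCsp);
  const sources = p["frame-src"] || p["child-src"] || p["default-src"];
  if (!sources) return true;
  const target = new URL(frameUrl);
  return sources.some((s) => {
    if (s === "*") return true;
    if (s === "'self'") return target.origin === embedderOrigin;
    if (s.endsWith(":")) return target.protocol === s; // scheme source, e.g. https:
    const m = s.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?([^\/:]+)/); // [scheme://]host
    if (!m || (m[1] && m[1] + ":" !== target.protocol)) return false;
    return m[2].startsWith("*.")
      ? target.hostname.endsWith(m[2].slice(1))
      : target.hostname === m[2];
  });
}

// Check 2, framed response: does its X-Frame-Options admit this parent?
function framedAllows(xfo, embedderOrigin, frameUrl) {
  const v = (xfo || "").trim().toUpperCase();
  if (v === "DENY") return false;
  if (v === "SAMEORIGIN") return new URL(frameUrl).origin === embedderOrigin;
  return true; // header absent; other values are treated as no restriction here
}

// The frame renders only when both checks pass.
function frameRenders({ embedderOrigin, embedderCsp, frameUrl, xfo }) {
  if (!embedderAllows(embedderCsp, embedderOrigin, frameUrl)) return "blocked by embedder CSP";
  if (!framedAllows(xfo, embedderOrigin, frameUrl)) return "blocked by X-Frame-Options";
  return "rendered";
}
```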
