#2689277: Add ability to configure the child-src CSP directive added support for the CSP directive "child-src", and added this recommendation when editing the directive "frame-src" in the admin form:

This directive is deprecated and will be replaced by child-src. It is recommended to use the both the frame-src and child-src directives until all browsers you support recognize the child-src directive.

The preferred method is now to use "frame-src", see:

Remove the recommendation and leave the option to use both "frame-src" and "child-src" ? Both are valid: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Securi...

CommentFileSizeAuthor
#2 seckit-misleading-recommendation-frame-src.patch861 bytesfengtan

Comments

fengtan created an issue. See original summary.

fengtan’s picture

fengtan
Location Montreal, Canada
commented
Status: Active » Needs review
StatusFileSize
new seckit-misleading-recommendation-frame-src.patch861 bytes

Here is a proposed patch.

fengtan’s picture

fengtan
Location Montreal, Canada
commented
Issue summary: View changes
laryn’s picture

laryn
he/him
commented
Status: Needs review » Reviewed & tested by the community

Looks good to me.