CSP for 'frame-ancestors' and 'report-uri' is ignored when delivered via a

Back to Forums

Jeremy Kuang

Question

Reactive

Security

Application Type

Reactive

Service Studio Version

11.53.11 (Build 61107)

Platform Version

11.15.0 (Build 34858)

I am getting the following to errors in the Chrome Browser developer console with enabling of CSP in LifeTime for a specific App.

The Content Security Policy directive 'frame-ancestors' is ignored when delivered via a element.

The Content Security Policy directive 'report-uri' is ignored when delivered via a element.

I have tried disabling CSP in LifeTime and the <meta> tags that specifies the CSPs are also gone so it should not have been added outside of enabling the CSP in LifeTime.

11 Aug 2022

Nordin Ahdi

MVP

Hi Jeremy,

The issue might not be related to your OutSystems application webpage, but with the page you're trying to embed in an iframe.

Is the page you're trying to load in an iframe also originated from an OutSystems app? If it originates from an external source, you might need to allow that page to be loaded in an iframe to begin with.

Regards,

Nordin

15 Aug 2022

Nabil Kriden

@Nordin Ahdi , I got the same problem, using google, apple and facebook login. How can I allow frames to be displayed. Please do not say set frame-ancestors to :

https://*.google.com

https://accounts.google.com
self
Because everyone is replying with that answer and its not sufficiant; same error ..

25 Nov 2022

Community GuidelinesBe kind and respectful, give credit to the original source of content, and search for duplicates before posting.

See the full guidelines