[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: last firefox
[Thread Prev] | [Thread Next]
- Subject: Re: last firefox
- From: T Lee Davidson <t.lee.davidson@xxxxxxxxx>
- Date: Sat, 29 Mar 2025 12:58:17 -0400
- To: user@xxxxxxxxxxxxxxxxxxxxxx
On 3/29/25 12:27 PM, Fabien Bodard wrote:
New protection system that need an intervention from the user to enable embedded pages
[snip]>According to my understanding from the "Learn more…" link on that page, it requires the site(s) administrator, not the user, to make changes. From the page, "Website will not allow Firefox to display the page if another site has embedded it" [1]:
"Websites can utilize x-frame options or a content security policy to control whether other websites can embed them."It appears the the X-frame options are to be set by the administrator of the site being embedded. And the Content Security Policy (CSP) is to be set by the admin of the site doing the embedding.
The X-frame options can now only disallow embedding. There was a "ALLOW-FROM origin" option, but that is now obsolete. From a quick read, it appears the the SourceForge page needs to issue a CSP header similar to:
Content-Security-Policy: default-src 'self' gambaswiki.org; img-src 'self' gambaswiki.org [1] https://support.mozilla.org/en-US/kb/xframe-neterror-page?as=u&utm_source=inproduct -- Lee --- Gambas User List Netiquette [https://gambaswiki.org/wiki/doc/netiquette] ---- --- Gambas User List Archive [https://lists.gambas-basic.org/archive/user] ----
| Re: last firefox | Benoît Minisini <benoit.minisini@xxxxxxxxxxxxxxxx> |
| last firefox | Philippe Valarcher <philippe.valarcher@xxxxxxx> |
| Re: last firefox | Yahoo <olivier.cruilles@xxxxxxxx> |
| Re: last firefox | Fabien Bodard <gambas.fr@xxxxxxxxx> |