[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: last firefox
[Thread Prev] | [Thread Next]
- Subject: Re: last firefox
- From: Benoît Minisini <benoit.minisini@xxxxxxxxxxxxxxxx>
- Date: Sat, 29 Mar 2025 18:22:45 +0100
- To: user@xxxxxxxxxxxxxxxxxxxxxx
Le 29/03/2025 à 17:58, T Lee Davidson a écrit :
On 3/29/25 12:27 PM, Fabien Bodard wrote:New protection system that need an intervention from the user to enable embedded pages[snip]>According to my understanding from the "Learn more…" link on that page, it requires the site(s) administrator, not the user, to make changes. From the page, "Website will not allow Firefox to display the page if another site has embedded it" [1]: "Websites can utilize x-frame options or a content security policy to control whether other websites can embed them."It appears the the X-frame options are to be set by the administrator of the site being embedded. And the Content Security Policy (CSP) is to be set by the admin of the site doing the embedding.The X-frame options can now only disallow embedding. There was a "ALLOW- FROM origin" option, but that is now obsolete. From a quick read, it appears the the SourceForge page needs to issue a CSP header similar to:Content-Security-Policy: default-src 'self' gambaswiki.org; img-src 'self' gambaswiki.org[1] https://support.mozilla.org/en-US/kb/xframe-neterror-page? as=u&utm_source=inproduct
Mmm... I really have to host the website (just one HTML page) elsewhere now.It's funny that nowadays, the more secure webbrowser are, the more internet is full of pages filled with junk ads and articles vomited by ChatGPT.
Regards, -- Benoît Minisini.
| Re: last firefox | Fabien Bodard <gambas.fr@xxxxxxxxx> |
| last firefox | Philippe Valarcher <philippe.valarcher@xxxxxxx> |
| Re: last firefox | Yahoo <olivier.cruilles@xxxxxxxx> |
| Re: last firefox | Fabien Bodard <gambas.fr@xxxxxxxxx> |
| Re: last firefox | T Lee Davidson <t.lee.davidson@xxxxxxxxx> |