We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
According to MDN the use of this header is deprecated: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
Apparently it's supposed to be replaced by the frame-ancestors CSP: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors
frame-ancestors
I'm no expert, but it seems like to implement what was X-Frame-Options DENY is now this in CSP:
X-Frame-Options DENY
Header always set Content-Security-Policy "frame-ancestors 'none';"
add_header Content-Security-Policy "frame-ancestors 'none';";
"Content-Security-Policy" => "frame-ancestors 'self' https://myhomeassistant.mydomain.tld;"
Disclaimer: All of this is untested
The text was updated successfully, but these errors were encountered:
No branches or pull requests
According to MDN the use of this header is deprecated: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
Apparently it's supposed to be replaced by the
frame-ancestorsCSP: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestorsI'm no expert, but it seems like to implement what was
X-Frame-Options DENYis now this in CSP:Header always set Content-Security-Policy "frame-ancestors 'none';"add_header Content-Security-Policy "frame-ancestors 'none';";"Content-Security-Policy" => "frame-ancestors 'self' https://myhomeassistant.mydomain.tld;"Disclaimer: All of this is untested
The text was updated successfully, but these errors were encountered: