bepsvpt/secure-headers

Unable to set multiple values to the frame-ancestors directive of the content-security-policy header

karamvirs opened this issue · 2 comments

Hi,
I need to set the frame-ancestors directive to multiple URIs. But only this seems to work.
frame-ancestors' => [ 'self' => true, ],

I tried to add it like:
'frame-ancestors' => [ 'URI1' => true, 'URI2' => true, ],
doesnt work.
Also tried some other ways.

How can I add multiple URIs other than just specifying self?

self is a special flag to indicate the same origin of the current request.

If you want to add URLs, you should use the allow key, e.g.

'frame-ancestors' => [
    'allow' => [
        'URI1',
        'URI2',
    ],
],

Awesome, that worked. Thanks a lot.