Unable to set multiple values to the frame-ancestors directive of the content-security-policy header
karamvirs opened this issue · 2 comments
karamvirs commented
Hi,
I need to set the frame-ancestors directive to multiple URIs. But only this seems to work.
frame-ancestors' => [ 'self' => true, ],
I tried to add it like:
'frame-ancestors' => [ 'URI1' => true, 'URI2' => true, ],
doesnt work.
Also tried some other ways.
How can I add multiple URIs other than just specifying self
?
bepsvpt commented
self
is a special flag to indicate the same origin of the current request.
If you want to add URLs, you should use the allow
key, e.g.
'frame-ancestors' => [
'allow' => [
'URI1',
'URI2',
],
],
karamvirs commented
Awesome, that worked. Thanks a lot.