Add the frame-ancestors directive for the CSP
Closed this issue · 1 comments
remofernando commented
Hello,
I see there are only few directives allowed for the CSP header.
private $defaultDirectives = [
'connect-src' => "'self'",
'font-src' => "'self'",
'frame-src' => "'self'",
'img-src' => "'self' data:",
'manifest-src' => "'self'",
'object-src' => "'self'",
'prefetch-src' => "'self'",
'script-src' => "'self' 'unsafe-inline'",
'style-src' => "'self' 'unsafe-inline'",
'media-src' => "'self'",
'form-action' => "'self'",
'worker-src' => "'self'",
];
It would be great if someone could add frame-ancestors directive and other directives additional to the above $defaultDirectives
Thank you,
Remo
karster commented
Hello Remo,
thank you for using this package and your suggestion. From version 2.1.1 you can add all directive to headers witch you want.