hyperia-sk/yii2-secure-headers

Add the frame-ancestors directive for the CSP

Closed · 1 comment

Hello,

I see there are only a few directives allowed for the CSP header.

```php
private $defaultDirectives = [
    'connect-src' => "'self'",
    'font-src' => "'self'",
    'frame-src' => "'self'",
    'img-src' => "'self' data:",
    'manifest-src' => "'self'",
    'object-src' => "'self'",
    'prefetch-src' => "'self'",
    'script-src' => "'self' 'unsafe-inline'",
    'style-src' => "'self' 'unsafe-inline'",
    'media-src' => "'self'",
    'form-action' => "'self'",
    'worker-src' => "'self'",
];
```

It would be great if someone could add the frame-ancestors directive and other directives in addition to the above $defaultDirectives.

Thank you,
Remo

Hello Remo,

Thank you for using this package and for your suggestion. From version 2.1.1 you can add all the directives you want to the headers.
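
An added example, not part of the thread and not code from hyperia/yii2-secure-headers: a sketch of merging a caller-supplied `frame-ancestors` directive over the defaults quoted in the issue and serialising the result as one header value. The function `buildCsp`, the constant `DEFAULT_DIRECTIVES` and the origin `https://partner.example` are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helper, not the package's own implementation.

// Defaults as quoted in the issue above.
const DEFAULT_DIRECTIVES = [
    'connect-src'  => "'self'",
    'font-src'     => "'self'",
    'frame-src'    => "'self'",
    'img-src'      => "'self' data:",
    'manifest-src' => "'self'",
    'object-src'   => "'self'",
    'prefetch-src' => "'self'",
    'script-src'   => "'self' 'unsafe-inline'",
    'style-src'    => "'self' 'unsafe-inline'",
    'media-src'    => "'self'",
    'form-action'  => "'self'",
    'worker-src'   => "'self'",
];

// Merge custom directives over the defaults and serialise them into a
// Content-Security-Policy header value. Custom entries win on key collision.
function buildCsp(array $custom, array $defaults = DEFAULT_DIRECTIVES): string
{
    $parts = [];
    foreach (array_merge($defaults, $custom) as $name => $value) {
        // Directive names are lowercase ASCII letters and hyphens.
        if (!preg_match('/^[a-z][a-z-]*$/', (string) $name)) {
            throw new InvalidArgumentException("Bad directive name: $name");
        }
        // ';' or ',' would start another directive or policy; control
        // characters could split the header line.
        if (preg_match('/[;,\x00-\x1f\x7f]/', (string) $value)) {
            throw new InvalidArgumentException("Bad value for $name");
        }
        $parts[] = trim("$name $value");
    }
    return implode('; ', $parts);
}

// frame-src limits what this page may embed; frame-ancestors limits who may
// embed this page, so it has to be set separately from the defaults above.
$policy = buildCsp([
    'frame-ancestors' => "'self' https://partner.example", // constructed origin
]);

header('Content-Security-Policy: ' . $policy);
echo $policy, PHP_EOL;
```

`frame-ancestors` does not fall back to `default-src` and is ignored when the policy is delivered through a `<meta>` element, so it has to be sent in the response header as done here.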