Description
CSP: 'frame-ancestors' should override 'x-frame-options'.
As specified in [1], the 'frame-ancestors' CSP directive should take
control of the access checks when loading a document. In particular,
the 'x-frame-options' header should be ignored if a 'frame-ancestors'
directive is present and enforced.
[1]: https://w3c.github.io/webappsec/specs/content-security-policy/#frame-ancestors-and-frame-options
BUG=510423
R=estark@chromium.org
Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=201959
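The precedence rule from the description, as an added example (not part of the original change and not Blink's code). It is a simplified model: the function names, the `headers` object shape and the `.example` origins are assumptions, source matching covers only `'none'`, `'self'`, `*` and exact origins, and only `DENY` and `SAMEORIGIN` are modelled for 'x-frame-options'.

```javascript
// Returns the source list of the first frame-ancestors directive, or null if absent.
function frameAncestorsSources(cspHeader) {
  for (const directive of (cspHeader || '').split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') return sources;
  }
  return null;
}

// 'none' never matches an origin, so it falls through to the final comparison and fails.
function matchesSource(source, ancestor, selfOrigin) {
  const s = source.toLowerCase();
  if (s === '*') return true;
  if (s === "'self'") return ancestor === selfOrigin;
  return s === ancestor.toLowerCase();
}

// headers: { csp, cspReportOnly, xfo } (hypothetical shape).
// ancestors: origins of every ancestor frame; an empty list means a top-level load.
function mayBeFramed(headers, selfOrigin, ancestors) {
  // Only the enforced policy is consulted; headers.cspReportOnly is deliberately
  // not read, because a report-only directive is present but not enforced.
  const sources = frameAncestorsSources(headers.csp);
  if (sources !== null) {
    // frame-ancestors is present and enforced: x-frame-options is ignored entirely.
    const allowed = ancestors.every(a => sources.some(s => matchesSource(s, a, selfOrigin)));
    return { allowed, decidedBy: 'frame-ancestors' };
  }
  const xfo = (headers.xfo || '').trim().toUpperCase();
  if (xfo === 'DENY') {
    return { allowed: ancestors.length === 0, decidedBy: 'x-frame-options' };
  }
  if (xfo === 'SAMEORIGIN') {
    // This model compares every ancestor with the document's own origin.
    return { allowed: ancestors.every(a => a === selfOrigin), decidedBy: 'x-frame-options' };
  }
  return { allowed: true, decidedBy: 'none' };
}

// Constructed sample: conflicting headers, where frame-ancestors wins over DENY.
const sample = mayBeFramed(
  { csp: "default-src 'self'; frame-ancestors https://partner.example", xfo: 'DENY' },
  'https://app.example', ['https://partner.example']);
console.log(sample); // { allowed: true, decidedBy: 'frame-ancestors' }
```
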