Hi All,
I am trying to open a site (some intranet) into an TIWUrlWindow, but I am not able to see it. Chrome console shows:
Refused to frame 'http://anhost.mydomain.com:8880/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self'".
Is that server refusing to be iFramed ? I already followed Jose Nilton's post about headers injection.
Thank You
/Claudio
Hmmm..... Does not makes sense tweaking IW side. Even turning off headers injection the error still the same, so it seems just their policy.....
I am trying to open a site (some intranet) into an TIWUrlWindow, but I am not able to see it. Chrome console shows:
Refused to frame 'http://anhost.mydomain.com:8880/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self'".
Is that server refusing to be iFramed ? I already followed Jose Nilton's post about headers injection.
Code:
void __fastcall TIWServerController::IWServerControllerBaseAfterDispatch(THttpRequest *Request,
THttpReply *aReply)
{
aReply->AddHeader("Content-Security-Policy",
"default-src " + System::Sysutils::QuotedStr("self") + " http: " + System::Sysutils::QuotedStr("unsafe-inline") + " " + System::Sysutils::QuotedStr("unsafe-eval") + "; " +
"frame-src " + System::Sysutils::QuotedStr("self") + " http: " + System::Sysutils::QuotedStr("unsafe-inline") + " " + System::Sysutils::QuotedStr("unsafe-eval") + "; " +
"script-src " + System::Sysutils::QuotedStr("self") + " http: " + System::Sysutils::QuotedStr("unsafe-inline") + " " + System::Sysutils::QuotedStr("unsafe-eval") + "; " +
"style-src " + System::Sysutils::QuotedStr("self") + " http: " + System::Sysutils::QuotedStr("unsafe-inline") + "; " +
"img-src " + System::Sysutils::QuotedStr("self") + " http: data:; " +
"object-src " + System::Sysutils::QuotedStr("self") + "; " +
"media-src " + System::Sysutils::QuotedStr("self") + " http:; " +
"frame-ancestors " + System::Sysutils::QuotedStr("self") + " http:; " +
"base-uri " + System::Sysutils::QuotedStr("self") + " http:");
aReply->AddHeader("Access-Control-Allow-Origin", "*");
Thank You
/Claudio
Hmmm..... Does not makes sense tweaking IW side. Even turning off headers injection the error still the same, so it seems just their policy.....