Installing and upgrading
Backups
Security
User management
Advanced user group options
Customising ResourceSpace
Plugins
StaticSync
Configuring ResourceSpace
Integrations

CSP frame-ancestors

This is used to inform the browser which sites  can embed a ResourceSpace page using <frame>, <iframe>, <object>, or <embed> tags.

To enable this, set the configuration option  $csp_frame_ancestors as below. This must be defined as an array of valid parent URLs. 

e.g.

$csp_frame_ancestors = ["'self'", "https://example.org", "https://example.com", "https://store.example.com"];

 NOTES
  • Single quotes are required for 'self' or 'none'
  • By default an empty array is configured, however 'self' is always added for system functionality e.g. advanced search 
  • If no entries are added then frame-ancestors will be implemented based upon the legacy '$xframe_options' config if that is set

Refer to https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors for more information