Menu
I am embedding an iFrame in my web page, something like this:
var iframeProps = { 'data-type': self.props.type, allowTransparency: self.props.allowTransparency, className: self.props.className, frameBorder: self.props.frameBorder, height: self.props.height, key: url, onLoad: self.props.onLoad.bind(self), scrolling: self.props.scrolling, src: self.state.isActive ? url : '', style: self.props.styles, width: self.props.width }; <iframe {...iframeProps} /> This is throwing an error in the console
Refused to display 'https://twitter.com/.... in a frame because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self'".
Could anyone please tell me how can I make this work?
414
The HTTP Content-Security-Policy (CSP) frame-ancestors directive specifies valid parents that may embed a page using <frame> , <iframe> , <object> , <embed> , or <applet> . Setting this directive to 'none' is similar to X-Frame-Options : deny (which is also supported in older browsers).
CSP frame-ancestors. The frame-ancestors directive allows you to specify which parent URLs can frame the current resource. Using the frame-ancestors CSP directive we can block or allow a page from being placed within a frame or iframe.
The content is prohibited from being displayed within an IFRAME due the Content Security Policy being set. The webserver hosting twitter.com is configured to add a HTTP header to the response object. Specifically they are setting the Content-Security-Policy tag to frame-ancestors 'self'. There is no way you'll be able to embed their pages into a page of your own using IFRAME. There are other techniques that you could use to work around that, but none are as simple as an iframe tag.
W3C Content Security Policy Level 3 - Frame Ancestors
101
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
