-
## `carthage update` issue
I'm not sure if I'm misusing Carthage, but intuitively I'd think that `carthage update` run in a context where there are already cloned and checked out dependencies, would …
-
```
I have been experimenting with the Google Cast SDK and noticed that when my
receiver app tries to display an iframe, it can only load certain domains.
For instance, adding displays
Vimeo.com i…
-
In CSP section 7.7 for frame-ancestors step 3.2 describes comparing the policy's allowed frame ancestors against the URLs of the parent documents. This will run into trouble when the parent frame's UR…
-
```
I have been experimenting with the Google Cast SDK and noticed that when my
receiver app tries to display an iframe, it can only load certain domains.
For instance, adding displays
Vimeo.com i…
-
```
What steps will reproduce the problem?
1. Run ZAP on a page that triggers "X-Frame-Options header not set"
2. Check the "Solution"
3. Note the brackets don't match. Two are opened, only one is clo…
-
```
I have been experimenting with the Google Cast SDK and noticed that when my
receiver app tries to display an iframe, it can only load certain domains.
For instance, adding displays
Vimeo.com i…
-
I have been getting numerous matches coming from Alamofire in different places in my app, but all coming from the same code lines in Alamofire. This is the problematic point:
![screen shot 2015-12-16…
-
```
I have been experimenting with the Google Cast SDK and noticed that when my
receiver app tries to display an iframe, it can only load certain domains.
For instance, adding displays
Vimeo.com i…
-
```
I have been experimenting with the Google Cast SDK and noticed that when my
receiver app tries to display an iframe, it can only load certain domains.
For instance, adding displays
Vimeo.com i…
-
X-Frame-Options is very good protection against clickjacking attacks. The problem with XFO is that this is non-standard header which has problems with domain whitelisting (the widely supported values …