Closed Blackbaud-ColbyWhite closed 3 years ago
Need to dig into the Slack threads on this and look into more updates to address Colby's questions. Based on side conversations with him, Matt's PR did not address all of his concerns with these docs.
it looks like the blackbaud
option results in the following header:
Content-Security-Policy: frame-ancestors https://*.blackbaud.com https://*.blackbaud-dev.com https://*.blackbaud-test.com
the actual value would be useful in the doc. or a link to where the values are hardcoded. it may also be useful to note that this prevents localhost
embedding or potentially any other local dev if the embedding app is not a SKY UX SPA.
Another internal Slack thread on this: https://app.slack.com/client/T02BBN218/C3TQ4C0KG/thread/C3TQ4C0KG-1596489836.117900.
Moved to ADO issue
@Blackbaud-KerryCampbell, fyi, by closing the github issue you also closed the ado issue. i assume that wasnt intentional. j/ a heads up.
The doc around this option is a bit misleading; specifically how it is has been brought up in a couple threads.
Also, the doc does not mention what happens when you leave off
frameOptions
completely.