Open Sjord opened 3 weeks ago
* `allow-downloads` works in Firefox and Chrome for actual downloads, regardless of `download` attribute.
* `allow-downloads-without-user-activation` does not work in Firefox or Chrome. When `allow-downloads` is set, downloads without user activation are also permitted.
* `allow-forms` works in Firefox and Chrome.
* `allow-modals` works in Firefox and Chrome.
* `allow-orientation-lock` works at least in Chrome.
* `allow-pointer-lock` works in Firefox and Chrome.
* `allow-popups` works in Firefox and Chrome.
* `allow-popups-to-escape-sandbox` works in Firefox and Chrome.
* `allow-presentation` works in Chrome.
* `allow-same-origin` works in Firefox and Chrome.
* `allow-scripts` works in Firefox and Chrome.
* `allow-storage-access-by-user-activation` only seems applicable to iframes.
* `allow-top-navigation` works, but only for child iframes. So it does not apply to links in the sandboxed pages, only to iframes with links on the sandboxed page.
* `allow-top-navigation-by-user-activation` works, but only for child iframes.
* `allow-top-navigation-to-custom-protocols` works, but only for child iframes.

So `allow-top-navigation` in the CSP header does do something, just not in the document but only in child iframes. So it should be documented on this page, but the description should be improved.
MDN URL
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/sandbox
What specific section or headline is this issue about?
Syntax
What information was incorrect, unhelpful, or incomplete?
Some of the sandbox directives are only implemented for iframes, not for CSP.
What did you expect to see?
A list of directives such as `allow-modals`, `allow-scripts`, but not `allow-top-navigation`.
Do you have any supporting links, references, or citations?
No response
Do you have anything more you want to share?
No response
MDN metadata
Page report details
* Folder: `en-us/web/http/headers/content-security-policy/sandbox`
* MDN URL: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/sandbox
* GitHub URL: https://github.com/mdn/content/blob/main/files/en-us/web/http/headers/content-security-policy/sandbox/index.md
* Last commit: https://github.com/mdn/content/commit/0880a90f3811475d78bc4b2c344eb4146f25f66c
* Document last modified: 2023-04-10T19:47:15.000Z
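
To re-check the per-token results reported in this issue against a current browser, a local harness along these lines can serve one probe page under any `Content-Security-Policy: sandbox …` value. This is an added example, not part of the issue or of MDN's code; the probe page, the `+`-separated path format, port 8000 and the function names are assumptions.

```python
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from urllib.parse import unquote, urlsplit

# Tokens from the list in this issue; anything else is rejected, so the
# request path can never place arbitrary text in the response header.
TOKENS = {
    "allow-downloads", "allow-downloads-without-user-activation", "allow-forms",
    "allow-modals", "allow-orientation-lock", "allow-pointer-lock", "allow-popups",
    "allow-popups-to-escape-sandbox", "allow-presentation", "allow-same-origin",
    "allow-scripts", "allow-storage-access-by-user-activation",
    "allow-top-navigation", "allow-top-navigation-by-user-activation",
    "allow-top-navigation-to-custom-protocols",
}

# Constructed probe page: each control is labelled with the token(s) it exercises.
PAGE = b"""<!doctype html><title>sandbox probe</title>
<form action="/"><button>submit: allow-forms</button></form>
<button onclick="alert(1)">alert: allow-scripts + allow-modals</button>
<a href="/" target="_blank">popup: allow-popups</a>
<a href="/" download="probe.html">download: allow-downloads</a>
<iframe srcdoc="<a href='/' target='_top'>child iframe: allow-top-navigation</a>"></iframe>
<p id="js">scripts blocked</p>
<script>document.getElementById("js").textContent = "scripts ran"</script>
"""

def tokens_from_path(path):
    """'/allow-scripts+allow-modals' -> ['allow-scripts', 'allow-modals']."""
    raw = unquote(urlsplit(path).path).strip("/")
    return [t for t in raw.split("+") if t]

def sandbox_header(tokens):
    """Build the header value; a bare 'sandbox' when no tokens are given."""
    unknown = [t for t in tokens if t not in TOKENS]
    if unknown:
        raise ValueError("unknown sandbox token(s): " + ", ".join(sorted(unknown)))
    return " ".join(["sandbox", *tokens])

class Probe(BaseHTTPRequestHandler):
    def do_GET(self):
        try:
            policy = sandbox_header(tokens_from_path(self.path))
        except ValueError:
            self.send_error(400, "unknown sandbox token")  # fixed text, no echo
            return
        self.send_response(200)
        self.send_header("Content-Security-Policy", policy)
        self.send_header("Content-Type", "text/html; charset=utf-8")
        self.end_headers()
        self.wfile.write(PAGE)

if __name__ == "__main__":  # then open http://127.0.0.1:8000/allow-scripts+allow-modals
    ThreadingHTTPServer(("127.0.0.1", 8000), Probe).serve_forever()
```

Requesting `/` sends a bare `sandbox`, which gives the baseline to compare each token against.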