CSP: allow 'self' in frame-src

taskcluster / taskcluster-tools

Tools for debugging, inspecting and managing Taskcluster

https://tools.taskcluster.net/

Mozilla Public License 2.0

26 stars 91 forks source link

CSP: allow 'self' in frame-src #568

Closed helfi92 closed 6 years ago

helfi92 commented 6 years ago

Login renewal injects a frame with the access token injected as a query parameter (e.g., https://tools.taskcluster.net/login/auth0#access_token=...). We need to add self in frame-src.

helfi92 commented 6 years ago

/cc @imbstack.