Open webpigeon opened 3 years ago
It seems like this won't be as trivial to fix as first thought.
Trying to add the parent url would instead clash with the frame ancestors security header:
Refused to frame 'https://player.twitch.tv/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors http://localhost:* https://localhost:*".
There are some examples that could be useful: https://github.com/BarryCarlyon/twitch_misc/tree/main/player/electron But I fear that this would mean we'd have to make the Twitch widget more special than it is right now
PLEASE NOTE: make sure the bug exists in the latest patch level of the project. For instance, if you are running a 2.x version of Apostrophe, you should use the latest in that major version to confirm the bug.
To Reproduce
Step by step instructions to reproduce the behavior:
Expected behavior
Describe the bug
Details
Version of Node.js: No idea, up to date docker-ansible-matrix-deploy
Server Operating System: Docker: yes (ubuntu host)
Additional context: I've tested this in self-hosted element (web) and desktop element.
Screenshots If applicable, add screenshots to help explain your problem.