Closed mmv08 closed 3 years ago
@mikheevm I've added the header you suggested to yearn.dev. Currently x-frame-options
is in-tact. Does that need to change as well? If I remove x-frame-options
does that mean anyone can load yearn.finance in an iframe? If so that is undesirable. I've reached out to you in discord, please @ me or ping me there so we can debug together when you get a moment. Thanks!
Marking this as resolved as @mikheevm has confirmed that this is working as expected now.
Is your feature request related to a problem? Please describe. A follow up on: https://github.com/yearn/yearn-finance/pull/400 The Safe wallet needs to be able to access https://yearn.finance/manifest.json but it's currently not possible because CORS is not configured. The Wallet also loads the apps as an iframe but currently, the server doesn't allow to do that
Describe the solution you'd like
manifest.json
The PR included that but it doesn't seem to work.
x-frame-options
, with this header you can specify domains to allow the website to be loaded as an iframe, for example:Additional context