Solved Override Content Security Policy not working
-
i need to run mattermost in iframe and overriding the
Content Security Policy
Setting this option will override any CSP headers sent by the app itselfi am trying to override to "frame-ancestors 'xyz.zyz';
can anyone help in this regard
-
Have you seen the documentation for this at https://docs.cloudron.io/apps/#custom-csp ?
-
Topic has been marked as a question
nebulon
-
@nebulon yes i tried exactly but its not working
-
I just tried this on a fresh installation and I can see the CSP header correctly sent after configuring it through the Cloudron dashboard. Can you maybe curl the page with -v and check the sent headers there?
-
Looks like https://forum.mattermost.com/t/recipe-embedding-mattermost-in-web-applications-using-an-iframe-unsupported-recipe/10233 is the latest recipe.
-
Configure mattermost like so:
Then in surfer app (the app configured above), use the following code:
<!DOCTYPE html> <html> <body style="text-align: center"> <iframe src="https://mattermost.smartserver.io" height="200" width="400"> </iframe> </body> </html>The going to
surfer.smartserver.io, I get:
-
Topic has been marked as solved
girish