Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor
  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum
Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. Mattermost
  3. Override Content Security Policy not working

Override Content Security Policy not working

Scheduled Pinned Locked Moved Solved Mattermost
6 Posts 3 Posters 974 Views
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • D Offline
    D Offline
    DualOSWinWiz
    wrote on last edited by
    #1

    i need to run mattermost in iframe and overriding the

    Content Security Policy
    Setting this option will override any CSP headers sent by the app itself

    i am trying to override to "frame-ancestors 'xyz.zyz';

    can anyone help in this regard

    1 Reply Last reply
    0
    • nebulonN Offline
      nebulonN Offline
      nebulon
      Staff
      wrote on last edited by
      #2

      Have you seen the documentation for this at https://docs.cloudron.io/apps/#custom-csp ?

      D 1 Reply Last reply
      0
      • nebulonN nebulon marked this topic as a question on
      • nebulonN nebulon

        Have you seen the documentation for this at https://docs.cloudron.io/apps/#custom-csp ?

        D Offline
        D Offline
        DualOSWinWiz
        wrote on last edited by
        #3

        @nebulon yes i tried exactly but its not working

        1 Reply Last reply
        0
        • nebulonN Offline
          nebulonN Offline
          nebulon
          Staff
          wrote on last edited by
          #4

          I just tried this on a fresh installation and I can see the CSP header correctly sent after configuring it through the Cloudron dashboard. Can you maybe curl the page with -v and check the sent headers there?

          1 Reply Last reply
          0
          • girishG Do not disturb
            girishG Do not disturb
            girish
            Staff
            wrote on last edited by
            #5

            Looks like https://forum.mattermost.com/t/recipe-embedding-mattermost-in-web-applications-using-an-iframe-unsupported-recipe/10233 is the latest recipe.

            1 Reply Last reply
            0
            • girishG Do not disturb
              girishG Do not disturb
              girish
              Staff
              wrote on last edited by
              #6

              Configure mattermost like so:

              4834cffc-77c7-4d4a-8c7c-5c571d67a905-image.png

              Then in surfer app (the app configured above), use the following code:

              <!DOCTYPE html>
<html>

<body style="text-align: center">
	<iframe src="https://mattermost.smartserver.io" height="200" width="400">
	</iframe>
</body>

</html>

              The going to surfer.smartserver.io, I get:

              cb562414-4350-48ad-b114-30832ed029d0-image.png

              1 Reply Last reply
              0
              • girishG girish has marked this topic as solved on
              Reply
              • Reply as topic
              Log in to reply
              • Oldest to Newest
              • Newest to Oldest
              • Most Votes

              • Login
              • Don't have an account? Register
              • Login or register to search.
              • First post
                Last post
              0
              • Categories
              • Recent
              • Tags
              • Popular
              • Bookmarks
              • Search