Issue metadata
Sign in to add a comment
|
Improper CSP implementation ( Canary versions too )
Reported by
arjuniet...@gmail.com,
May 29 2018
|
||||||||||||||||||||
Issue descriptionUserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36 Steps to reproduce the problem: Open the htlm file I am giving you in all the browsers Montor the console logs What is the expected behavior? A CSP error about the frame-Ancestor showed be present in the browser What went wrong? all Released as well as about to release versiions are not able to detect the violation of the CSP Did this work before? N/A Chrome version: 66.0.3359.181 Channel: stable OS Version: OS X 10.12.6 Flash Version: Issue 845767 was about all versions but this covers canary
,
May 29 2018
It's not entirely clear what you're reporting here. The issue reported here seems to be identical to #25 in Issue 845767 , and it's not a bug. Chrome simply doesn't show a message when X-Frame-Options is trumped by Content-Security-Policy Frame-Ancestors. This issue should be duped to 845767 unless you're truly trying to report something different.
,
May 29 2018
You can close both issue
,
May 30 2018
,
Sep 6
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||
Comment 1 by e...@chromium.org
, May 29 2018