Re: correct CSP frame-src value for a scripted iframe src?

Disregard.  I see Adam has already responded:

On 5/2/12 9:41 AM, Adam Barth wrote:
> On Tue, May 1, 2012 at 1:19 PM, Ingo Chao <ichaocssd@googlemail.com> wrote:
>> An HTML file contains
>> <iframe src="javascript:''"></iframe>
>>
>> Chrome logs:
>> "[Report Only] Refused to load frame from 'about:blank' because of
>> Content-Security-Policy."
>>
>> What would be the correct frame-src value that allows it?
> You're running into a bug in WebKit's implementation:
>
> https://bugs.webkit.org/show_bug.cgi?id=85233
>
> It's not sensible to block about:blank documents because you get a
> blank document when a URL is blocked.  :)
>
> I'll fix it soon.  Thanks!
>
> Adam
>



On 5/4/12 12:35 PM, Tanvi Vyas wrote:
> What does your Content Security Policy header look like?  You may need 
> to allow unsafe-inline for the javascript:... to work.
>
> On 4/30/12 6:43 AM, Ingo Chao wrote:
>> An HTML file contains
>> <iframe src="javascript:''"></iframe>
>>
>> Chrome logs:
>> "[Report Only] Refused to load frame from 'about:blank' because of
>> Content-Security-Policy."
>>
>> What would be the correct frame-src value that allows it?
>>
>> Thanks,
>> Ingo Chao
>>
>>
>
>

Received on Friday, 4 May 2012 23:12:07 UTC