Page MenuHomePhabricator

current CSP testing policy would block frames
Closed, InvalidPublic


The current csp policy we are testing doesn't specify a frame-src, hence it would default to default-src.

To determine, is this something we want? There are legit reasons to block frames, but perhaps that's not something to do right now.