Last post Mar 21, 2016 10:16 AM by Candice Zhou
Mar 18, 2016 12:27 PM|invincible_777|LINK
We have a videos website much like Youtube. Our site allows other users to embed our videos in their sites using the iframe , again much like youtube.
When our website is framed i.e when it is run in another website we don't want any area of the website to be navigable other than the video.
The planned approach:
Set frame-ancestor content-security-policy value to * on the video page.
Disallow other pages to be accessed from the frame by keeping frame-ancestor to 'self'
Also how can we specify different content-security-policy directive for each page.
Is this a right approach or we can have something more effective that achieves the goal.
Mar 21, 2016 10:16 AM|Candice Zhou|LINK
I think you could determine the request domain in the BeginRequest Event. If you get the different domain, it will display the video's content, others don't display.