Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Option to disable no iframe header policy #6258

Open
abcbarryn opened this issue Feb 5, 2025 · 1 comment
Open

Option to disable no iframe header policy #6258

abcbarryn opened this issue Feb 5, 2025 · 1 comment

Comments

@abcbarryn
Copy link

There should be an option to set a
Content-Security-Policy
header to allow embedding from specified URLS.

Alternative to X-Frame-Options: Content Security Policy (CSP) While X-Frame-Options is a simple and effective solution, it's somewhat limited. The modern and more flexible alternative is the Content Security Policy (CSP) with the frame-ancestors directive, which offers better control and granularity.
@abcbarryn
Copy link
Author

Also, if the CUPS server is only being bound to an internal network IP, the risk is minimal anyway. Just leave the default as it is and put the appropriate warnings/instructions in the documentation.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@abcbarryn