Remove frame-src from CSP. (#2169)

2025-10-13 15:28:05 +01:00 · 2025-05-29 10:54:37 -07:00 · 2025-05-29 10:54:37 -07:00 · ab4f02f74a
commit ab4f02f74a
parent 0fc6647627
1 changed files with 1 additions and 1 deletions
--- a/web.config
+++ b/web.config
@ -30,7 +30,7 @@
        <clear />
        <add name="X-Xss-Protection" value="1; mode=block" />
        <add name="X-Content-Type-Options" value="nosniff" />
-        <add name="Content-Security-Policy" value="frame-src vscode: login.microsoftonline.com; frame-ancestors 'self' portal.azure.com *.portal.azure.com portal.azure.us portal.azure.cn portal.microsoftazure.de df.onecloud.azure-test.net *.fabric.microsoft.com *.powerbi.com *.analysis-df.windows.net dataexplorer-preview.azurewebsites.net login.microsoftonline.com" />
+        <add name="Content-Security-Policy" value="frame-ancestors 'self' portal.azure.com *.portal.azure.com portal.azure.us portal.azure.cn portal.microsoftazure.de df.onecloud.azure-test.net *.fabric.microsoft.com *.powerbi.com *.analysis-df.windows.net dataexplorer-preview.azurewebsites.net" />
      </customHeaders>
      <redirectHeaders>
        <clear />