#2925 - CSP breaks preview functionality

By PDStig
Added 9th Nov 2016, 6:34 PM
2 views

Identifier	#2925
Issue type	Minor issue (breaks specific functionality)
Title	CSP breaks preview functionality
Status	Completed
Handling member	Chris Graham
Addon	core
Description	Content Security Policy breaks previewing functionality. Console on Microsoft Edge: CSP14309: Unknown directive 'frame-ancestors' in Content-Security-Policy - directive will be ignored. CSP14303: Content-Security-Policy policy was empty.
Steps to reproduce
Funded?	No

The system will post a comment when this issue is modified (e.g., status changes). To be notified of this, click "Enable comment notifications".

Rating

Unrated

Comments

By Guest posted 9th Nov 2016, 7:42 PM

Actually issue is that Edge iframe scrolling defaults to 'auto' like IE does, and unlike other browsers, even though actually it's not even part of HTML5 anymore so invalid markup to turn it off. Our JS sees scrolling is there so doesn't try and resize the preview frame to fit it's content height. Fix is to put in scrolling="no" based on improved UA sniffing and also to resize height if it is zero even if scrolling is on..

#2925 - CSP breaks preview functionality

Rating

Comments

Statistics