@the-spectator.bsky.social
Turns out my test hostname `parent.eight_one.test` was invalid. Once I fixed it to `parent.eight-one.test` (notice underscore replaced by hypen), everything worked!
December 13, 2024 at 7:46 PM
Turns out my test hostname `parent.eight_one.test` was invalid. Once I fixed it to `parent.eight-one.test` (notice underscore replaced by hypen), everything worked!
Then I tested in Firefox, it shouted me the most friendly error. Then I learned, Underscores (_) are NOT valid in hostnames. Painful TIL, but worth it. 🫠
December 13, 2024 at 7:43 PM
Then I tested in Firefox, it shouted me the most friendly error. Then I learned, Underscores (_) are NOT valid in hostnames. Painful TIL, but worth it. 🫠
I double-checked my response headers:
content-security-policy: frame-ancestors 'self' parent.eight_one.test
Everything seemed correct. Yet, Chrome ignored the parent domain from frame-ancestors, leaving me utterly confused. 🤔
content-security-policy: frame-ancestors 'self' parent.eight_one.test
Everything seemed correct. Yet, Chrome ignored the parent domain from frame-ancestors, leaving me utterly confused. 🤔
December 13, 2024 at 7:40 PM
I double-checked my response headers:
content-security-policy: frame-ancestors 'self' parent.eight_one.test
Everything seemed correct. Yet, Chrome ignored the parent domain from frame-ancestors, leaving me utterly confused. 🤔
content-security-policy: frame-ancestors 'self' parent.eight_one.test
Everything seemed correct. Yet, Chrome ignored the parent domain from frame-ancestors, leaving me utterly confused. 🤔
Context:
Playing around with iframes locally, using self-signed HTTPS certs. Tried embedding `child.eight_one.test` into `parent.eight_one.test` but kept hitting: "Refused to frame 'https://child.eight-one.test/' because an ancestor violates the following CSP directive: "frame-ancestors 'self'"."
Playing around with iframes locally, using self-signed HTTPS certs. Tried embedding `child.eight_one.test` into `parent.eight_one.test` but kept hitting: "Refused to frame 'https://child.eight-one.test/' because an ancestor violates the following CSP directive: "frame-ancestors 'self'"."
December 13, 2024 at 7:40 PM
Context:
Playing around with iframes locally, using self-signed HTTPS certs. Tried embedding `child.eight_one.test` into `parent.eight_one.test` but kept hitting: "Refused to frame 'https://child.eight-one.test/' because an ancestor violates the following CSP directive: "frame-ancestors 'self'"."
Playing around with iframes locally, using self-signed HTTPS certs. Tried embedding `child.eight_one.test` into `parent.eight_one.test` but kept hitting: "Refused to frame 'https://child.eight-one.test/' because an ancestor violates the following CSP directive: "frame-ancestors 'self'"."