You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@zeppelin.apache.org by "Dennis Thompson (JIRA)" <ji...@apache.org> on 2018/08/14 20:57:00 UTC
[jira] [Created] (ZEPPELIN-3714) Add header option for
Content-Security-Policy
Dennis Thompson created ZEPPELIN-3714:
-----------------------------------------
Summary: Add header option for Content-Security-Policy
Key: ZEPPELIN-3714
URL: https://issues.apache.org/jira/browse/ZEPPELIN-3714
Project: Zeppelin
Issue Type: Bug
Components: conf
Affects Versions: 0.7.3
Reporter: Dennis Thompson
Fix For: 0.8.1
Chrome doesn't support {{ALLOWED-FROM}} on {{X-Frame-Origins}} header which can cause troubles when Zeppelin is embedded in an app as an {{iframe}}. Adding this as an option solves the problem for allowed origins on Chrome, but will also not interferer with IE/Edge support.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)