You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@zeppelin.apache.org by "Dennis Thompson (JIRA)" <ji...@apache.org> on 2018/08/14 20:57:00 UTC

[jira] [Created] (ZEPPELIN-3714) Add header option for Content-Security-Policy

Dennis Thompson created ZEPPELIN-3714:
-----------------------------------------

             Summary: Add header option for Content-Security-Policy
                 Key: ZEPPELIN-3714
                 URL: https://issues.apache.org/jira/browse/ZEPPELIN-3714
             Project: Zeppelin
          Issue Type: Bug
          Components: conf
    Affects Versions: 0.7.3
            Reporter: Dennis Thompson
             Fix For: 0.8.1


Chrome doesn't support {{ALLOWED-FROM}} on {{X-Frame-Origins}} header which can cause troubles when Zeppelin is embedded in an app as an {{iframe}}. Adding this as an option solves the problem for allowed origins on Chrome, but will also not interferer with IE/Edge support.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)