The CSP frame-ancestors how to support Android Cordova apps


I have added the CSP configurations frame-ancestors: 'self' on webserver https://www.exapleA.com/test/.

Currently I have another Android Cordova app that uses an iframe tag in a JS file to load the above website's pages, as below:

<iframe src="https://www.exapleA.com/test/"></iframe>

But I got a CSP error like the one below:

Refused to display 'https://www.exapleA.com/test' in a frame because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self'

As you know, Android Cordova apps add all the static files into the wrapper, so there is no domain that can be appended to "frame-ancestors". So how can I resolve this issue?


There is 1 best solution below


In your Cordova config (config.xml) you only have to add this:

<preference name="Hostname" value="custom-domain.co" />
<allow-navigation href="http://custom-domain.co/*"/>

Where custom-domain.co is like the domain of your Android APK.

Then, you will be able to configure your website like so:

frame-ancestors 'self' custom-domain.co

For more information see this link (section Configuration -> Hostname): https://github.com/ionic-team/cordova-plugin-ionic-webview
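
Whether a scheme-less source such as `custom-domain.co` admits the app depends on the scheme of the WebView's origin, because a source without a scheme inherits the scheme of the protected page. The sketch below is an added example, not code from the answer or from the Ionic plugin; it implements a simplified version of CSP Level 3 source matching, its function names are hypothetical, and the two app origins are assumptions derived from the `Hostname` value above.

```javascript
// Added example: simplified CSP Level 3 source matching for frame-ancestors.
// Covers 'self' and host sources; wildcards, paths and port edge cases are omitted.
const DEFAULT_PORT = { 'http:': '80', 'https:': '443' };

// An http source also matches an https URL, but never the other way round.
function schemeMatches(exprScheme, urlScheme) {
  return exprScheme === urlScheme || (exprScheme === 'http:' && urlScheme === 'https:');
}

function sourceMatches(source, ancestor, self) {
  if (source === "'self'") return ancestor.origin === self.origin;
  const hasScheme = source.includes('://');
  // A dummy scheme lets URL split host and port of a scheme-less source.
  const expr = new URL(hasScheme ? source : 'http://' + source);
  // Without a scheme, the source inherits the scheme of the protected page.
  const exprScheme = hasScheme ? expr.protocol : self.protocol;
  if (!schemeMatches(exprScheme, ancestor.protocol)) return false;
  if (expr.hostname !== ancestor.hostname) return false;
  const fallback = DEFAULT_PORT[ancestor.protocol];
  return (expr.port || fallback) === (ancestor.port || fallback);
}

// Returns the frame-ancestors source list, or null when the directive is absent.
function frameAncestors(policy) {
  for (const directive of policy.split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') return sources;
  }
  return null;
}

// True when a page at selfUrl carrying `policy` may be framed by ancestorUrl.
function mayFrame(policy, selfUrl, ancestorUrl) {
  const sources = frameAncestors(policy);
  if (sources === null) return true; // no directive, no restriction
  const self = new URL(selfUrl);
  const ancestor = new URL(ancestorUrl);
  return sources.some((s) => sourceMatches(s, ancestor, self));
}

const SITE = 'https://www.exapleA.com/test/'; // site URL from the question
const POLICY = "frame-ancestors 'self' custom-domain.co";
for (const app of ['http://custom-domain.co', 'https://custom-domain.co']) {
  console.log(app, mayFrame(POLICY, SITE, app)); // assumed app origins
}
```

If the WebView serves the app over http while the site is https, write the source with its scheme, `http://custom-domain.co`, so that the directive matches the app's origin.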