I’m creating a web site (Web site A) in a easy Content material Administration System. As a result of the CMS can not work together with my information server, I’ve some internet content material hosted on one other internet server (Web site B – subdomain.instance.com) that I show in an iFrame on Web site A.
I’ve added the next content material safety coverage by way of an HTTP response header on the net server internet hosting Web site B:
Content material-Safety-Coverage:
frame-ancestors subdomain.instance.com;
All the things works effectively on my desktop machine (the iFrame content material shows accurately in Chrome, Safari, Firefox). Nevertheless, when I attempt to show Web site A on my iPhone (iOS 17.1.2) the iFrame fails to show content material in any browser of the cellular variations of the browsers above. Safari Internet Inspector exhibits the next error:
Refused to load https://subdomain.instance.com/my-site as a result of it doesn’t seem within the frame-ancestors directive of the Content material Safety Coverage
How can I modify the CSP directive so it can work in iOS?
I’ve tried changing the wildcard with the subdomain title in addition to together with https//: within the path title – each with out success. I’ve additionally searched on-line however haven’t discovered an answer to this specific difficulty. I don’t have a CSP within the aspect.