Frame ancestor is set to none even though it's not
I'm running a Matrix Synapse instance with OpenID Keycloak, and as web client I use Riot. I receive "has refused to connect" with: "Refused to frame 'https://matrix.domain.com/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'none'"."
However, I have no problem connecting to it through Riot; I get the error when I display Riot in an iframe and try to log in. All the websites are under the same wildcard domain.
My nginx config on matrix.instance.com is:
```nginx
server {
    server_name matrix.domain.com;
    root /var/www/matrix.domain.com;
    index index.html;
    #add_header 'Access-Control-Allow-Origin' '*';
    add_header Content-Security-Policy "frame-ancestors https://website1.domain.com https://website2.domain.com>

    location / {
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $host;
        proxy_pass http://localhost:8008;
    }
```
Solution 1:[1]
I have found the solution: matrix-synapse throws the flag from this directory: `/opt/venvs/matrix-synapse/lib/python3.8/site-packages/synapse/http/server.py`
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Ari Berisha |
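
Why the nginx header alone does not help, as an added example that is not part of the original question or answer: a browser enforces every Content-Security-Policy header on a response, and nginx's `add_header` adds a header without removing one sent by the proxied application. The sketch assumes Synapse sends `frame-ancestors 'none'` alongside the nginx value; the function names and sample headers are constructed for illustration.

```javascript
// Simplified model of frame-ancestors enforcement when a response carries
// several Content-Security-Policy headers. Ports, paths and the scheme rules
// for scheme-less host sources are not modelled.

// Source list of the frame-ancestors directive in one policy, or null if absent.
function frameAncestorsSources(policy) {
  for (const directive of policy.split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') return sources;
  }
  return null;
}

// Does one source expression match the embedding page's origin?
function sourceMatches(source, ancestor, own) {
  const s = source.toLowerCase();
  if (s === "'none'") return false;
  if (s === '*') return true;
  if (s === "'self'") return ancestor.origin === own.origin;
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return ancestor.protocol === s;
  const m = s.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)/);
  if (!m) return false;
  const [, scheme, host] = m;
  if (scheme && ancestor.protocol !== scheme + ':') return false;
  if (host.startsWith('*.')) return ancestor.hostname.endsWith(host.slice(1));
  return ancestor.hostname === host;
}

// Every policy that has frame-ancestors must allow the ancestor.
function framingAllowed(cspHeaders, ancestorOrigin, ownOrigin) {
  const ancestor = new URL(ancestorOrigin);
  const own = new URL(ownOrigin);
  const blocking = cspHeaders.filter((policy) => {
    const sources = frameAncestorsSources(policy);
    return sources !== null && !sources.some((s) => sourceMatches(s, ancestor, own));
  });
  return { allowed: blocking.length === 0, blocking };
}

// Constructed sample: the header assumed to come from Synapse, plus the one
// nginx adds, as both would reach the browser.
const fromUpstream = "frame-ancestors 'none'";
const fromNginx = 'frame-ancestors https://website1.domain.com https://website2.domain.com';
const framedOrigin = 'https://matrix.domain.com';
const parentOrigin = 'https://website1.domain.com';

console.log(framingAllowed([fromUpstream, fromNginx], parentOrigin, framedOrigin));
console.log(framingAllowed([fromNginx], parentOrigin, framedOrigin));
```

In nginx, `proxy_hide_header Content-Security-Policy;` in the `location` block stops the upstream header from being passed to the client, leaving only the one set with `add_header`. That drops the whole upstream policy, so any other directives it carried have to be restated in the nginx header.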
