I am developing a Salesforce app which is rendered inside an iframe in a Salesforce page. I am using a Node Express server to render this page. As part of security review, I want it to render only in a Salesforce page and be blocked if embedded anywhere else.
For that, I have added a Content-Security-Policy header as below:
response.header("Content-Security-Policy", "frame-ancestors salesforce.com");
But it is blocked on the Salesforce page too.
Error: Refused to display 'https://localhost:8000/authenticate' in a frame because an ancestor violates the following Content Security Policy directive: "frame-ancestors salesforce.com".
Can someone help me see where I am going wrong?
via Rajeev
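Added example, not part of the original post: a simplified model of how a browser matches frame-ancestors host-sources, showing that a bare salesforce.com source matches only that exact host and not the subdomains Salesforce pages are served from, followed by an Express-style middleware that sets a wildcard allowlist. The function names, the sample ancestor origins and the allowlist are assumptions made for illustration; substitute the domains your org actually uses.

```javascript
// Added example. Simplified CSP host-source matching: scheme, exact host and a
// leading "*." wildcard only; ports and paths in sources are not handled.
function hostSourceMatches(source, ancestorOrigin, pageScheme = "https:") {
  const ancestor = new URL(ancestorOrigin);
  const m = /^([a-z][a-z0-9+.-]*:)\/\/(.+)$/i.exec(source);
  const scheme = m ? m[1].toLowerCase() : null;
  const host = (m ? m[2] : source).toLowerCase();
  // A source without a scheme takes the scheme of the protected page;
  // an http source also matches https.
  const wanted = scheme || pageScheme;
  const schemeOk = ancestor.protocol === wanted ||
    (wanted === "http:" && ancestor.protocol === "https:");
  if (!schemeOk) return false;
  if (host.startsWith("*.")) {
    // "*.example.com" matches subdomains only, not example.com itself.
    return ancestor.hostname.endsWith(host.slice(1));
  }
  return ancestor.hostname === host; // no wildcard: exact host only
}

// frame-ancestors requires every ancestor in the chain to match some source.
function framingAllowed(directiveValue, ancestorOrigins) {
  const sources = directiveValue.trim().split(/\s+/);
  return ancestorOrigins.every((origin) =>
    sources.some((src) => hostSourceMatches(src, origin)));
}

// Constructed sample ancestors; real Salesforce hostnames depend on the org.
const SAMPLE_ANCESTORS = [
  "https://na1.salesforce.com",
  "https://example-dev-ed.lightning.force.com",
];

// Assumed allowlist; replace with the domains your org serves pages from.
const FRAME_ANCESTORS = "https://*.salesforce.com https://*.force.com";

// Express-style middleware (req, res, next); register with app.use(frameAncestors).
function frameAncestors(req, res, next) {
  res.setHeader("Content-Security-Policy", "frame-ancestors " + FRAME_ANCESTORS);
  next();
}
```

Each space-separated source is tried in turn, and one unmatched ancestor anywhere in the frame chain is enough for the browser to refuse to render the page.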