Last active 15 days ago


Last active 27 days ago
View more

Recent activity

iframes / cross-site embeds in sr.ht pages 23 days ago

From Kodmin Admin to ~sircmpwn/sr.ht-discuss

When hosting on pages.sr.ht, media embedding via <iframe> elements are blocked due to the server's cross-site policy, resulting in a error like:

"Content Security Policy: The page’s settings blocked the loading of a resource at https://archive.org/embed/{media_id} (“default-src”)."

This is not an issue with the webpage itself because the iframe loads when served using hugo serve.

Can the appropriate XSS headers be enabled?