~sircmpwn/sr.ht-discuss

1

iframes / cross-site embeds in sr.ht pages

Details
Message ID
<733201704.52613.1622343808273@office.mailbox.org>
DKIM signature
pass
Download raw message
When hosting on pages.sr.ht, media embedding via <iframe> elements are blocked due to the server's cross-site policy, resulting in a error like:

"Content Security Policy: The page’s settings blocked the loading of a resource at https://archive.org/embed/{media_id} (“default-src”)."

This is not an issue with the webpage itself because the iframe loads when served using hugo serve.

Can the appropriate XSS headers be enabled?
Details
Message ID
<87pmx8su66.fsf@frost.armaanb.net>
In-Reply-To
<733201704.52613.1622343808273@office.mailbox.org> (view parent)
DKIM signature
pass
Download raw message
This is intentional: https://srht.site/limitations
> you cannot use a CDN or embed third-party content.
Reply to thread Export thread (mbox)