Sites using CSP frame-ancestors do not seem to be detected correctly

GENERAL

TESTING

GENERAL

TESTING

Description

I believe there's a bug with the web content "Open in New Window" Detection with CSP. When using "https://www.cnn.com" it doesn't detect that it needs a new window.

The web console says:

http://www.cnn.com IS correctly detected.

I also think like it should be either removing the option entirely and/or telling the user why they can't leave the pages open in the same window.

Linked issues

relates to

SAK-37485

Lessons Add Content should tell the user if they can't unselect "Open item in a new window"

SAK-21624

Check the headers of the URL to see if it allows being framed

Activity

Matthew Jones February 15, 2018 at 7:23 AM

This looks like the whole header it has

They don't have an x-frame-options, just this one. Might be a little harder to parse out.

Details
Priority
Major
Affects versions
12.0
19.0
Components
Assignee
Core Team
Reporter
Matthew Jones

Created February 14, 2018 at 4:10 PM

Updated February 19, 2018 at 1:53 PM

Sites using CSP frame-ancestors do not seem to be detected correctly

Description

Linked issues

relates to

Activity

Matthew Jones February 15, 2018 at 7:23 AM

DetailsPriorityMajorAffects versions12.019.0ComponentsAssigneeCore TeamCore TeamReporterMatthew JonesMatthew Jones

Details

Priority

Affects versions

Components

Assignee

Reporter

Details
Priority
Major
Affects versions
12.0
19.0
Components
Assignee
Core Team
Reporter
Matthew Jones