Strapiv4 <iframe>

Renan_da_Rocha · July 19, 2023, 2:20pm

System Information

Strapi Version:
Operating System:
Database:
Node Version:
NPM Version:
Yarn Version:

I’m trying to upload a pdf file to pass via iframe, but I’m getting this error:Refused to frame 'my url ’ because an ancestor violates the following Content Security Policy directive: “frame-ancestors ‘self’” and on the right side I I took any pdf from the internet and it works in my application

Boegie19 · July 19, 2023, 4:31pm

You need to change the strapi::security middleware to allow for it to not break it

Renan_da_Rocha · July 19, 2023, 5:00pm

how can this be done?

Boegie19 · July 19, 2023, 5:11pm

I meant cors

Renan_da_Rocha · July 19, 2023, 6:24pm

ok, thank you very much I will test and if it works I will bring the answer

anh_viet · August 16, 2023, 6:45am

Code example.
{
name: “strapi::security”,
config: {
contentSecurityPolicy: {
useDefaults: true,
directives: {
“script-src”: [“‘self’”, “https:”, “http:”],
“frame-src”: [“‘self’”, “https:”, “http:”],
“frame-ancestors”: [“‘self’”, “https:”, “http:”],
},
},
}
},

Renan_da_Rocha · August 16, 2023, 1:27pm

Good morning, a simple and effective solution, I did it like this:<iframe
src={https://docs.google.com/viewer?url=https:your url here&embedded=true}
height=“100%”
width=“100%”
>