79631319

Date: 2025-05-21 00:04:38
Score: 1.5
Natty:
Report link

hmm

frame-src in CSP controls what your page is allowed to embed in an frame . and CORP controls who can fetch your resource as a subresource (like img or ...) , and of course <iframe> embedding is not considered a fetch for a subresource under COPR/COEP rules

1-why override ? -> it does not , They serve entirely different purposes, they dont override each other , they just dont interact .

2-how do they interact ? they dont , They control different contexts.

3- how can enforce ? you should try using content-security-policy and x-frame-options headers

Reasons:
  • Long answer (-0.5):
  • No code block (0.5):
  • Contains question mark (0.5):
  • Low reputation (1):
Posted by: Mori