HAProxy community

Frame-ancestors directive issues


#1

Hi, can someone help me with the right directive for frame-ancestors? I am using version 1.5.14. Here is the line that haproxy does not have issue in starting with but Chrome, Ver 70.0.3538.110, does not like it and complains that "Unrecognized Content-Security-Policy directive ‘frame-ancestors:’.

http-response set-header Content-Security-Policy:frame-ancestors 'self’

Any help is really appreciated.


#2

It should be:

http-response set-header Content-Security-Policy "frame-ancestors 'self';"

There needs to be a space between the header name and the header value, also if the header value contains spaces or single quotes, you need to put it into double quotes.

I don’t think this ever worked in a browser.


#3

Thank you for your quick response. However, haproxy does not start with that syntax. Error log says ’http-response set-header’ expects exactly 2 arguments"


#4

Right, old haproxy 1.5 doesn’t like the double quotes.

Escape the space in the value instead:

http-response set-header Content-Security-Policy frame-ancestors\ 'self';


#5

@lukastribus, that works :slightly_smiling_face:. Thank you so much.