Hi, can someone help me with the right directive for frame-ancestors? I am using version 1.5.14. Here is the line that haproxy does not have issue in starting with but Chrome, Ver 70.0.3538.110, does not like it and complains that "Unrecognized Content-Security-Policy directive ‘frame-ancestors:’.
http-response set-header Content-Security-Policy:frame-ancestors 'self’
Any help is really appreciated.
It should be:
http-response set-header Content-Security-Policy "frame-ancestors 'self';"
There needs to be a space between the header name and the header value, also if the header value contains spaces or single quotes, you need to put it into double quotes.
I don’t think this ever worked in a browser.
Thank you for your quick response. However, haproxy does not start with that syntax. Error log says ’http-response set-header’ expects exactly 2 arguments"
Right, old haproxy 1.5 doesn’t like the double quotes.
Escape the space in the value instead:
http-response set-header Content-Security-Policy frame-ancestors\ 'self';
@lukastribus, that works 
. Thank you so much.