Description
Hello,
For this shop
https://www.terschellinger.com/
We get this console error message
Refused to frame 'https://sst.terschellinger.com/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self'".
Probably because of this iframe:
<iframe src='https://sst.terschellinger.com/ns.html?id=GTM-T7XKCPC'
height='0' width='0' style='display:none;visibility:hidden'>
</iframe>
On the Magento side we have the policies
'self'
https://sst.terschellinger.com
https://sst.koelbed.nl
https://sst.nieuwtextiel.nl
But the problem seems to come from the policies on the side of sst.terschellinger.com?
And on another site
https://www.koelbed.nl/
We get the console message
sst.koelbed.nl/_/service_worker/5430/sw_iframe.html?origin=https%3A%2F%2Fwww.koelbed.nl&1p=1:7 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src https://tagmanager.google.com https://www.gstatic.com https://sc-static.net 'sha256-mlniDAIOwKZ/DRiNMLde48OBqEvgRJk8O8pX449bEyI='". Either the 'unsafe-inline' keyword, a hash ('sha256-cxjudm4FKzoIVzduLWxPdT/vyQqo3SesO6XBYtrc+XQ='), or a nonce ('nonce-...') is required to enable inline execution.
On Magento we already have the policy
*.tagmanager.google.com
Etc..
We use
Magento 2.4.4
"taggrs/magento2-data-layer": "v1.0.12",
What can we do to solve the CSP console messages?
Kind regards,
Michel
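
Added example, not part of the original issue or of the taggrs module: browsers take `frame-ancestors` from the Content-Security-Policy header of the framed response (here the one served by sst.terschellinger.com), so this sketch evaluates that header against the embedding page's origin. The function names are hypothetical, the matcher is a simplification of the CSP source-matching rules, and any header other than the `frame-ancestors 'self'` quoted in the console message is a constructed value.

```javascript
// Added example: simplified frame-ancestors evaluation (not a full CSP Level 3 matcher).
const DEFAULT_PORT = { 'http:': '80', 'https:': '443' };

// Return the source list of one directive, or null when the directive is absent.
function parseDirective(cspHeader, name) {
  for (const part of cspHeader.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length && tokens[0].toLowerCase() === name) return tokens.slice(1);
  }
  return null;
}

// Match a host-source such as https://*.example.com:443 against one ancestor URL.
function hostSourceMatches(source, a, framed) {
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([a-z0-9.-]+)(?::(\d+|\*))?$/i.exec(source);
  if (!m) return false;
  const [, scheme, wildcard, host, port] = m;
  const wantScheme = scheme ? scheme.toLowerCase() + ':' : framed.protocol;
  const upgrade = wantScheme === 'http:' && a.protocol === 'https:';
  if (a.protocol !== wantScheme && !upgrade) return false;
  const have = a.hostname.toLowerCase(), want = host.toLowerCase();
  // "*.example.com" covers subdomains only, never example.com itself.
  if (wildcard ? !have.endsWith('.' + want) : have !== want) return false;
  const havePort = a.port || DEFAULT_PORT[a.protocol];
  return port === '*' || havePort === (port || DEFAULT_PORT[a.protocol]);
}

// framedCsp is the Content-Security-Policy header on the framed response;
// ancestors lists every embedding document, from the parent up to the top.
function framingAllowed(framedUrl, framedCsp, ancestors) {
  const sources = parseDirective(framedCsp, 'frame-ancestors');
  if (sources === null) return true; // this policy places no limit on framing
  const framed = new URL(framedUrl);
  return ancestors.every((anc) => {
    const a = new URL(anc);
    return sources.some((s) => {
      if (s === "'none'") return false;
      if (s === "'self'") return a.origin === framed.origin;
      if (s === '*') return /^https?:$/.test(a.protocol);
      if (/^[a-z][a-z0-9+.-]*:$/i.test(s)) return a.protocol === s.toLowerCase();
      return hostSourceMatches(s, a, framed);
    });
  });
}
```

With the header from the console message, `framingAllowed('https://sst.terschellinger.com/ns.html?id=GTM-T7XKCPC', "frame-ancestors 'self'", ['https://www.terschellinger.com'])` returns `false`, because `'self'` on that response means the sst origin only.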