Fix - 'frame-ancestors' does not support the source expression ''unsafe-inline''

KeyShang · web-flow · commit 9e7742e3f4f2 · 2021-06-10T16:39:22.000+08:00
Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors#sources The wrong setting will cause a Chrome console error.
diff --git a/app/code/Magento/Csp/etc/config.xml b/app/code/Magento/Csp/etc/config.xml
@@ -106,7 +106,7 @@
                     <frame-ancestors>
                         <policy_id>frame-ancestors</policy_id>
                         <self>1</self>
-                        <inline>1</inline>
+                        <inline>0</inline>
                         <eval>0</eval>
                         <dynamic>0</dynamic>
                     </frame-ancestors>
@@ -217,7 +217,7 @@
                     <frame-ancestors>
                         <policy_id>frame-ancestors</policy_id>
                         <self>1</self>
-                        <inline>1</inline>
+                        <inline>0</inline>
                         <eval>0</eval>
                         <dynamic>0</dynamic>
                     </frame-ancestors>
