Skip to content Skip to sidebar Skip to footer
Home / Html / Iframe / Javascript / Server

How Can I Block Request Thats Come Out From Iframe

Post a Comment
F.e. I have such code index.html

Solution 1:

HTML5 introduces the sandbox attribute on the iframe that, disables JavaScript loading and execution.

Solution 2:

Set up a CSP with connect-src.

You can't block badsite specifically, but you can allow only goodsite (or a list of sites that includes goodsite).

Your HTTP response headers for iframe.html should include:

Content-Security-Policy: connect-src http://goodsite.com http://different-goodsite.com

You could also use a meta element.

<metahttp-equiv="Content-Security-Policy"content="connect-src http://goodsite.com http://different-goodsite.com">

Post a Comment for "How Can I Block Request Thats Come Out From Iframe"