Share via


ServerComponentsEndpointOptions.ContentSecurityFrameAncestorsPolicy Property

Definition

Gets or sets the frame-ancestorsContent-Security-Policy to set in the HttpResponse when ConfigureWebSocketAcceptContext is set.

public string? ContentSecurityFrameAncestorsPolicy { get; set; }
member this.ContentSecurityFrameAncestorsPolicy : string with get, set
Public Property ContentSecurityFrameAncestorsPolicy As String

Property Value

Remarks

Setting this value to null will prevent the policy from being automatically applied, which might make the app vulnerable. Care must be taken to apply a policy in this case whenever the first document is rendered.

A content security policy provides defense against security threats that can occur if the app uses compression and can be embedded in other origins. When compression is enabled, embedding the app inside an iframe from other origins is forbidden.

For more details see the security recommendations for Interactive Server Components in the official documentation.

Applies to