CivicPlus has blocked our sites from being iframed on other domains due to security risks. Our customers' security is very important to us, and allowing our sites to be iframed would expose them to attacks that abuse iframes, including clickjacking, XSS, and other malicious attacks.
At CivicPlus, we take your site security seriously and block iframes to help prevent outside malicious behavior.
2 comments
How recent was this put in place? I have tested several external websites and placed them into an iframe and it displays accordingly. YouTube and webpages with aspx .net are filtered/refused by CivicPlus. However, if you use IE11 to view the external iframe webpage, it will display accordingly regardless of aspx or YouTube webpage. We noticed that a section of our website that contained an external website that was iframed stopped working.
Is there a way for us to specify external resources that we trust to be included in the frame-ancestors tag in the header? We have a site that we used to embed that no longer works, and I'm getting:
Refused to frame '(our external resource)' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self'"
I can't find anything in the site tools where I can add a trusted site.
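An added example, not part of the article or the comments and not CivicPlus code: a simplified model of the browser check behind the "Refused to frame" message quoted above. The `frame-ancestors` directive arrives in the response of the page being framed, and every ancestor in the frame chain has to match one of its sources. The domains `resource.example` and `city.example` are constructed placeholders.

```javascript
// Simplified model of a browser's frame-ancestors check (an added illustration).
// Supported sources: 'none', 'self', *, scheme-sources, and host-sources with an
// optional scheme, leading "*." wildcard and port. Source paths are ignored.
function parseFrameAncestors(csp) {
  for (const directive of csp.split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') return sources;
  }
  return null; // directive absent: this policy does not restrict framing
}

const effectivePort = (u) => u.port || (u.protocol === 'https:' ? '443' : '80');

function sourceMatches(source, ancestor, self) {
  const s = source.toLowerCase();
  if (s === "'none'") return false;
  if (s === "'self'") return ancestor.origin === self.origin;
  if (s === '*') return /^https?:$/.test(ancestor.protocol);
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return ancestor.protocol === s;
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([a-z0-9.-]+)(?::(\d+|\*))?(?:\/.*)?$/.exec(s);
  if (!m) return false;
  const [, scheme, wildcard, host, port] = m;
  // Without an explicit scheme the source inherits the framed resource's scheme;
  // an http source also accepts the https upgrade.
  const want = scheme ? scheme + ':' : self.protocol;
  const schemeOk = ancestor.protocol === want ||
    (want === 'http:' && ancestor.protocol === 'https:');
  const hostOk = wildcard ? ancestor.hostname.endsWith('.' + host)
                          : ancestor.hostname === host;
  const portOk = port === '*' ||
    effectivePort(ancestor) === (port || effectivePort({ port: '', protocol: ancestor.protocol }));
  return schemeOk && hostOk && portOk;
}

// Every ancestor in the frame chain must match at least one listed source.
function mayBeFramed(csp, resourceUrl, ancestorUrls) {
  const sources = parseFrameAncestors(csp);
  if (sources === null) return true;
  const self = new URL(resourceUrl);
  return ancestorUrls.every((a) =>
    sources.some((src) => sourceMatches(src, new URL(a), self)));
}

// Constructed sample: a resource embedded in a page on a different origin.
const resource = 'https://resource.example/map';
const parent = ['https://city.example/page'];
console.log(mayBeFramed("frame-ancestors 'self'", resource, parent));
console.log(mayBeFramed("frame-ancestors 'self' https://city.example", resource, parent));
```

With `'self'` alone the cross-origin parent is refused; the same parent is accepted only when the framed resource's own policy names that origin.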