How to set unique content-security-policy response header for each page

  • Question

  • User-1315793439 posted

    We have a videos website much like YouTube. Our site allows other users to embed our videos in their sites using the iframe, again much like YouTube.
    When our website is framed, i.e. when it is run in another website, we don't want any area of the website to be navigable other than the video.

    The planned approach:
    Set frame-ancestor content-security-policy value to * on the video page.
    Disallow other pages to be accessed from the frame by keeping frame-ancestor to 'self'

    Also, how can we specify a different content-security-policy directive for each page?

    Is this the right approach, or can we have something more effective that achieves the goal?

    Friday, March 18, 2016 12:27 PM
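
An added example, not part of the original post: one way to implement the planned approach as a per-path header policy, written as a Node-style request handler in JavaScript. The `/embed/` route prefix and all function names are assumptions made for illustration, and the directive is written with its actual name, `frame-ancestors`.

```javascript
// Added example. Assumed layout: embeddable player pages live under /embed/,
// and every other page may only be framed by the site itself.
const EMBED_PREFIX = "/embed/"; // hypothetical route prefix

// Resolve the request target to a normalized path so that dot segments
// such as /embed/../account cannot borrow the permissive policy.
function normalizedPath(rawUrl) {
  try {
    // The base is a placeholder; only the resolved pathname is used.
    return new URL(rawUrl, "http://placeholder.invalid").pathname;
  } catch {
    return null; // unparsable target: caller falls back to the strict policy
  }
}

// Choose the framing headers for one request target.
function framingHeaders(rawUrl) {
  const path = normalizedPath(rawUrl);
  const embeddable =
    path !== null &&
    path.startsWith(EMBED_PREFIX) &&
    path.length > EMBED_PREFIX.length; // the bare prefix is not a video page
  if (embeddable) {
    // Any origin may frame the player page. X-Frame-Options is omitted
    // because that header has no "allow every origin" value.
    return { "Content-Security-Policy": "frame-ancestors *" };
  }
  // Default (fail closed): same-origin framing only.
  return {
    "Content-Security-Policy": "frame-ancestors 'self'",
    "X-Frame-Options": "SAMEORIGIN", // for browsers without frame-ancestors support
  };
}

// Node http-style handler: headers are set before the body is written.
function handler(req, res) {
  for (const [name, value] of Object.entries(framingHeaders(req.url))) {
    res.setHeader(name, value);
  }
  res.end("ok");
}
```

`frame-ancestors` is only honoured when it arrives as a response header; browsers ignore it inside a `<meta>` element, so the policy has to be set server-side per response as above.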