Hi all, has someone an explanation for the current...
# helpi
icy-sundown-8018
05/11/2023, 9:45 AMHi all, has someone an explanation for the current sandbox directive settings in the application security policy header in yves?
https://github.com/spryker/application/commit/92aaf096966a0724e726c6744533f900a924316d
It does not look ideal, since Google Chrome for example triggers a warning for the usage of the combination ‘allow-scripts’ and ‘allow-same-origin’ in developer console
p
plain-city-95899
05/11/2023, 10:12 AMHey, can you send an example of the warning?
i
icy-sundown-8018
05/11/2023, 11:23 AMThe warning is visible in the linked image or across all demoshops via Google Chrome Developer Console (e.g. https://www.de.suite-nonsplit.demo-spryker.com/ )
p
plain-city-95899
05/11/2023, 11:30 AMAh sorry, i am just blind - The big preview image of github took all my focus
i
icy-sundown-8018
05/26/2023, 11:10 AM@plain-city-95899 could you find any reason why spryker adds both sandbox directives mentioned in the warning?
p
plain-city-95899
05/26/2023, 11:50 AMHey, i will try to push the team again - i did not receive any answer yet
plain-city-95899
05/26/2023, 11:52 AMMaybe it could also help if you create an issue via the customer-portal to increase the prio. (would be cool if you ping we once you did it so i can tell the CSM to link it)
i
icy-sundown-8018
05/26/2023, 1:17 PMThanks, @plain-city-95899, i've created a ticket (case number: 00049369)
thankyou 1