Hi,
On Windows 2012, I am trying to trying to set Content-Security-Policy, set in web.config, to allow all entries from *.corp.location.com.
After checking online, I set it up as below, but it failed.
Can somebody please tell me what the syntax for this should be?
Thanks, DF
Web.config:
<httpProtocol>
<customHeaders>
...
<add name="Content-Security-Policy" value="frame-ancestors *.corp.location.com" />
.......
</customHeaders>
</httpProtocol>
Chrome-F12:
Refused to display 'http:/server.corp.location.com/….. in a frame because an ancestor violates the following Content Security Policy directive: "frame-ancestors *.corp.location.com".