Is the "same-origin" implied when using "frame-ancestor" in the CSP header?
If my Content-Security-Policy is set to the following:
Content-Security-Policy: frame-ancestors 'self'
Does it also imply:
Content-Security-Policy: default-src 'self'
Or is it a lot safer to put both rules?
Content-Security-Policy: defau…