Skip to content

CSP blocks external iFrames including Ghost Explore #92

Open
Open
CSP blocks external iFrames including Ghost Explore#92
@jonaharagon

Description

@jonaharagon
jonaharagon
opened on Nov 26, 2025

Not sure this policy makes a ton of sense if you plan to embed sites on explore.ghost.org:

ghost-docker/caddy/snippets/SecurityHeaders

Line 11 in 2926758

Content-Security-Policy "frame-ancestors 'self' {$ADMIN_DOMAIN:}"

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions