Security Policy directive: “frame-ancestors ‘none'”

  • Resolved CPL Business Consultants

    (@cplconsult)


    1 year, 10 months ago

    I have set up all the hardening features on my site in Really Simple SSL. However when trying to use Elementor to edit a page it does not load.

    Chrome Developer tool says “Refused to frame ‘https://www.DOMAIN.com/’ because an ancestor violates the following Content Security Policy directive: “frame-ancestors ‘none'”.”

    Elementor says; “JS: 2024-04-20 21:20:47 [error X 1][https://www.DOMAIN.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1:2:28760] Cannot read properties of undefined (reading ‘value’) JS: 2024-05-07 12:16:23 [error X 8][https://www.DOMAIN.com/wp-content/plugins/elementor/assets/js/editor.min.js?ver=3.21.4:3:581869] Failed to read a named property ‘elementorFrontend’ from ‘Window’: Blocked a frame with origin “https://www.DOMAIN.com” from accessing a cross-origin frame.

    The cross origin policy in Really Simple SSL is currently set to ‘None’. Recommended Security Headers in Really Simple SSL is greyed out and I can’t see an entry to edit in htaccess. However, Really Simple Auto Prepend File is enabled.

    The question is how do I change the Content Security Policy directive for frame-ancestors?

Viewing 1 replies (of 1 total)
  • Plugin Support Jarno Vos

    (@jarnovos)

    1 year, 10 months ago

    Hi @cplconsult,

    You can change this under Settings -> SSL & Security -> “Settings” in the top menu bar -> Security Headers -> Content Security Policy -> Frame Ancestors.

    I’d recommend setting it to the value “Self” (instead of “none”), which should also allow Elementor to work again.

    Kind regards, Jarno

Viewing 1 replies (of 1 total)

The topic ‘Security Policy directive: “frame-ancestors ‘none'”’ is closed to new replies.