ExamGecko
Question list
Search
Search

List of questions

Search

Related questions











Question 1 - AD0-E716 discussion

Report
Export

An Adobe Commerce developer has added an iframe and included a JavaScript library from an external domain to the website. After that, they found the following error in the console:

Refused to frame [URL] because it violates the Content Security Policy directive.

In order to fix this error, what would be the correct policy ids to add to the csp_whitelist.xml file?

A.
frame-src and script-src
Answers
A.
frame-src and script-src
B.
default-src and object-src
Answers
B.
default-src and object-src
C.
frame-ancestors and connect-src
Answers
C.
frame-ancestors and connect-src
Suggested answer: C

Explanation:

The frame-ancestors directive specifies the domains that are allowed to embed the current page in an iframe. The connect-src directive specifies the domains that are allowed to be loaded by the current page through a <script> tag or XMLHttpRequest.

In this case, the developer has added an iframe that embeds a page from an external domain. The Content Security Policy (CSP) is preventing the iframe from being loaded because the domain of the external page is not listed in the frame-ancestors directive.

To fix this error, the developer needs to add the domain of the external page to the frame-ancestors directive. They can do this by adding the following line to the csp_whitelist.xml file:

<frame-ancestors>https://www.example.com</frame-ancestors>

asked 02/10/2024
Riaan Cilliers
32 questions
NextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first