Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow embedding the profiler with iframe? #5169

Open
nisargjhaveri opened this issue Oct 18, 2024 · 0 comments · May be fixed by #5170
Open

Allow embedding the profiler with iframe? #5169

nisargjhaveri opened this issue Oct 18, 2024 · 0 comments · May be fixed by #5170

Comments

@nisargjhaveri
Copy link
Contributor

nisargjhaveri commented Oct 18, 2024

I'm trying to use the https://profiler.firefox.com/from-post-message/ endpoint to embed the profiler in an VS Code extension. The API seems to have been designed for iframe usage (see #4835 (comment)).

Though, actually embedding the url in an iframe is blocked with Content-Security-Policy frame-ancestors 'self';

frame-ancestors 'self';

Content-Security-Policy: default-src 'self'; script-src 'self' 'wasm-unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src http: https: data:; object-src 'none'; connect-src *; frame-ancestors 'self'; form-action 'none'; frame-src www.youtube-nocookie.com

Is this by design? Can we change this to allow others embedding the profiler in an iframe?

┆Issue is synchronized with this Jira Task

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
1 participant