Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow embedding the profiler with iframe? #5169

Open
nisargjhaveri opened this issue Oct 18, 2024 · 0 comments · May be fixed by #5170 or #5234
Open

Allow embedding the profiler with iframe? #5169

nisargjhaveri opened this issue Oct 18, 2024 · 0 comments · May be fixed by #5170 or #5234

Comments

@nisargjhaveri
Copy link
Contributor

nisargjhaveri commented Oct 18, 2024
edited by data-sync-user
Loading

I'm trying to use the https://profiler.firefox.com/from-post-message/ endpoint to embed the profiler in an VS Code extension. The API seems to have been designed for iframe usage (see #4835 (comment)).

Though, actually embedding the url in an iframe is blocked with Content-Security-Policy frame-ancestors 'self';

profiler/server.js

Line 62 in 1170042

frame-ancestors 'self';

profiler/res/_headers

Line 28 in 1170042

Content-Security-Policy: default-src 'self'; script-src 'self' 'wasm-unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src http: https: data:; object-src 'none'; connect-src *; frame-ancestors 'self'; form-action 'none'; frame-src www.youtube-nocookie.com

Is this by design? Can we change this to allow others embedding the profiler in an iframe?

┆Issue is synchronized with this Jira Task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
1 participant
@nisargjhaveri