In order to fix this error, what would be the correct policy ids to add to the csp_whitelist.xml file?

An Adobe Commerce developer has added an iframe and included a JavaScript library from an external domain to the website. After that, they found the following error in the console: Refused to frame [URL] because it violates the Content Security Policy directive.

In order to fix this error, what would be the correct policy ids to add to the csp_whitelist.xml file?
A . frame-src and script-src
B. default-src and object-src
C. frame-ancestors and connect-src

View Answer

Answer: C

Explanation:

The frame-ancestors directive specifies the domains that are allowed to embed the current page in an iframe. The connect-src directive specifies the domains that are allowed to be loaded by the current page through a <script> tag or XMLHttpRequest.

In this case, the developer has added an iframe that embeds a page from an external domain. The Content Security Policy (CSP) is preventing the iframe from being loaded because the domain of the external page is not listed in the frame-ancestors directive.

To fix this error, the developer needs to add the domain of the external page to the frame-ancestors directive. They can do this by adding the following line to the csp_whitelist.xml file: <frame-ancestors>https://www.example.com</frame-ancestors>