Required Domains to be Added in Frame-Ancestors

Gelica Sigrid Semillano 10 Reputation points
2023-05-09T10:19:52.9433333+00:00

Hi all,

We have an officejs add-in where we recently added CSP headers to allow iframing to specific domains only by implementing frame-ancestors.

Currently here is a list of our whitelisted domains for the add-in, I just wanted to confirm if we are already able to cover all possible instances and or if we missed out a domain?

          "https://*.officeapps.live.com",
          "https://*.sharepoint.com",
          "https://*.companynamesample.com",
          "https://onedrive.live.com"

Apologies if I posted in the wrong channel, used the wrong tags, or if this is a duplicate question. Would greatly appreciate it if you could give me an answer to this or redirect me to the accurate QA page.

Thanks in advance!

Microsoft 365 and Office | Development | Other
Microsoft 365 and Office | Excel | For business | Windows
{count} votes

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.