4,397 questions
Required Domains to be Added in Frame-Ancestors
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(284.8, 20%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGS%3C/text%3E%3C/svg%3E)
Gelica Sigrid Semillano
10
Reputation points
Hi all,
We have an officejs add-in where we recently added CSP headers to allow iframing to specific domains only by implementing frame-ancestors.
Currently here is a list of our whitelisted domains for the add-in, I just wanted to confirm if we are already able to cover all possible instances and or if we missed out a domain?
"https://*.officeapps.live.com",
"https://*.sharepoint.com",
"https://*.companynamesample.com",
"https://onedrive.live.com"
Apologies if I posted in the wrong channel, used the wrong tags, or if this is a duplicate question. Would greatly appreciate it if you could give me an answer to this or redirect me to the accurate QA page.
Thanks in advance!
Microsoft 365 and Office | Development | Other
Microsoft 365 and Office | Excel | For business | Windows
3,983 questions
{count} votes
-
Gelica Sigrid Semillano 10 Reputation points
2023-05-10T11:08:29.3366667+00:00 Just to add more context into this our add-in application is used in Excel web, and we're planning to release this also in PC/MAC in the future
Sign in to comment
Sign in to answer