Required Domains to be Added in Frame-Ancestors

Gelica Sigrid Semillano 5 Reputation points
2023-05-09T10:19:52.9433333+00:00

Hi all,

We have an officejs add-in where we recently added CSP headers to allow iframing to specific domains only by implementing frame-ancestors.

Currently here is a list of our whitelisted domains for the add-in, I just wanted to confirm if we are already able to cover all possible instances and or if we missed out a domain?

          "https://*.officeapps.live.com",
          "https://*.sharepoint.com",
          "https://*.companynamesample.com",
          "https://onedrive.live.com"

Apologies if I posted in the wrong channel, used the wrong tags, or if this is a duplicate question. Would greatly appreciate it if you could give me an answer to this or redirect me to the accurate QA page.

Thanks in advance!

Excel
Excel
A family of Microsoft spreadsheet software with tools for analyzing, charting, and communicating data.
1,610 questions
Office Development
Office Development
Office: A suite of Microsoft productivity software that supports common business tasks, including word processing, email, presentations, and data management and analysis.Development: The process of researching, productizing, and refining new or existing technologies.
3,650 questions
{count} votes