Required Domains to be Added in Frame-Ancestors
We have an officejs add-in where we recently added CSP headers to allow iframing to specific domains only by implementing frame-ancestors.
Currently here is a list of our whitelisted domains for the add-in, I just wanted to confirm if we are already able to cover all possible instances and or if we missed out a domain?
"https://*.officeapps.live.com", "https://*.sharepoint.com", "https://*.companynamesample.com", "https://onedrive.live.com"
Apologies if I posted in the wrong channel, used the wrong tags, or if this is a duplicate question. Would greatly appreciate it if you could give me an answer to this or redirect me to the accurate QA page.
Thanks in advance!
Just to add more context into this our add-in application is used in Excel web, and we're planning to release this also in PC/MAC in the future
Sign in to comment