@tsteur opened this Issue on February 4th 2022 Member

follow up from https://github.com/matomo-org/matomo/pull/18215/files

image

It's not allowing shop.matomo.org to be opened in an iframe.

To reproduce go to Marketplace, then click on a premium feature, then click on Reviews tab

@sgiehl commented on February 4th 2022 Member

@tsteur According to the browsers message the problem actually is, that shop.matomo.org only allows to be framed by plugins.matomo.org by sending the csp header: frame-ancestors https://plugins.matomo.org;. I guess we would actually need to allow any source, as it might be opened by any matomo instance.

In addition it might also be needed to add frame-src: *.matomo.org within Matomo, but we can check that once the issue above is solved.

@tsteur commented on February 8th 2022 Member

👍 thanks for this. created an internal issue

This Issue was closed on February 8th 2022
Powered by GitHub Issue Mirror