When upgrading the CODE docker image in our system from version 24.04.12.3.1
to 24.04.12.4.1
(and any of the subsequent versions), the response header returned from the <collabora-host>/browser/30822a710f/cool.html
endpoint no longer includes the extra frame-ancestors
values as supplied in coolwsd.xml’s <content_security_policy/>
element.
This throws the following browser error and stops the iframe from loading Collabora :
Refused to frame 'https://<our-collabora-online-host>' because an ancestor violates the following Content Security Policy directive: "frame-ancestors <our-collabora-online-host>:* <our-collabora-online-internal-host>:*"
This header value when returned from 24.04.12.3.1
and earlier versions has all the additional values prepended to the header before the two default ones allowing the iframe to load Collabora.
Is this a known issue? I can’t find anything from scouring this forum or the web.
Any help appreciated. Thanks!