On our IIS website, there is a PDF file that we need to allow other sites to show in an iframe.
Currently the content-security-policy in the web.config is this:
<system.webServer>
<httpProtocol>
<customHeaders>
<add name="Content-Security-Policy" value="frame-ancestors 'self'" />
</customHeaders>
</httpProtocol>
</system.webServer>
As this is a pdf file, I could not use meta tags for that.
As I could not find an answer to this anywhere, I tried to compromise and created another web.config in the subdirectory of the pdf file with:
<add name="Content-Security-Policy" value="frame-ancestors '*'" />
trying thus to allow all the files in that directory to open in an iframe. However, IIS complained that I have multiple definitions of "Content-Security-Policy", so that didn't work.
Any ideas?
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…