CSP frame-ancestors

The CSP frame-ancestors directive tells the browser which sites can embed a ResourceSpace page using <frame>, <iframe>, <object>, or <embed> tags.

To enable this, set the configuration option $csp_frame_ancestors as below. This must be defined as an array of valid parent URLs.


$csp_frame_ancestors = ["'self'", "", "", ""];

  • Single quotes are required for 'self' or 'none'.
  • By default an empty array is configured; however, 'self' is always added for system functionality, e.g. advanced search.
  • If no entries are added, frame-ancestors will be implemented based upon the legacy '$xframe_options' config, if that is set.
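
The sketch below is an added example, not ResourceSpace's own code: it shows how an array like $csp_frame_ancestors maps to a frame-ancestors header value and which entries a pre-deployment check should catch. The helper build_frame_ancestors() is hypothetical, its scheme://host[:port] rule is this example's own stricter choice, and the hostnames are constructed sample values.

```php
<?php
// Added illustration, not ResourceSpace code. build_frame_ancestors() is a
// hypothetical helper; the hostnames below are constructed sample values.

function build_frame_ancestors(array $sources): array
{
    $accepted = ["'self'"];   // per the notes above, 'self' is always present
    $rejected = [];

    foreach ($sources as $source) {
        $source = trim((string) $source);
        if ($source === '' || $source === "'self'") {
            continue;         // empty placeholder, or already covered
        }
        if (in_array(strtolower($source), ['self', 'none'], true)) {
            $rejected[] = "$source: keyword needs single quotes";
        } elseif ($source === "'none'") {
            // Assumption of this example: 'none' is reported, not emitted,
            // because it cannot sit alongside the always-added 'self'.
            $rejected[] = "'none': conflicts with 'self'";
        } elseif (!preg_match('~^https?://(\*\.)?[a-z0-9]([a-z0-9.-]*[a-z0-9])?(:\d+)?$~i', $source)) {
            // Anything with spaces, ';' or ',' could add directives to the
            // policy, so only scheme://host[:port] is let through here.
            $rejected[] = "$source: not a scheme://host[:port] origin";
        } elseif (!in_array($source, $accepted, true)) {
            $accepted[] = $source;
        }
    }

    $header = 'Content-Security-Policy: frame-ancestors ' . implode(' ', $accepted);
    return [$header, $rejected];
}

$csp_frame_ancestors = [
    "'self'",
    "https://intranet.example.com",
    "https://*.example.org",
    "self",                                  // unquoted keyword
    "",                                      // empty entry
    "https://cms.example.net; script-src *", // would start a second directive
];

[$header, $rejected] = build_frame_ancestors($csp_frame_ancestors);
echo $header, PHP_EOL;
foreach ($rejected as $reason) {
    echo 'rejected: ', $reason, PHP_EOL;
}
```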

Refer to for more information