Sandbox directive settings in the application security policy header?

Hi all, has someone an explanation for the current sandbox directive settings in the application security policy header in yves?
It does not look ideal, since Google Chrome for example triggers a warning for the usage of the combination ‘allow-scripts’ and ‘allow-same-origin’ in developer console
fsmeier Senior Software Engineer & Developer Enablement Advocate Sprykee
Hey, can you send an example of the warning?
0 -
The warning is visible in the linked image or across all demoshops via Google Chrome Developer Console (e.g. https://www.de.suite-nonsplit.demo-spryker.com/ )
0 -
fsmeier Senior Software Engineer & Developer Enablement Advocate Sprykee
Ah sorry, i am just blind - The big preview image of github took all my focus
0 -
@florian.scholz could you find any reason why spryker adds both sandbox directives mentioned in the warning?
0 -
fsmeier Senior Software Engineer & Developer Enablement Advocate Sprykee
Hey, i will try to push the team again - i did not receive any answer yet
0 -
fsmeier Senior Software Engineer & Developer Enablement Advocate Sprykee
Maybe it could also help if you create an issue via the customer-portal to increase the prio. (would be cool if you ping we once you did it so i can tell the CSM to link it)
0 -
Thanks, @florian.scholz, i've created a ticket (case number: 00049369)
