upstream/ipython Commit - r19138:ca1f291f

Document Content-Security-Policy changes

Kyle Kelley -

r19138:ca1f291f

parent child

docs/source/whatsnew/development.rst

0 +9 -5

              The IPython Notebook and its APIs by default will only be allowed to be
              embedded in an iframe on the same origin.
-             To override this, set ``headers[X-Frame-Options]`` to one of
+             Override ``headers['Content-Security-Policy']`` within your notebook
+             configuration to extend for alternate domains and security settings.::
-             * DENY
-             * SAMEORIGIN
-             * ALLOW-FROM uri
+                 c.NotebookApp.tornado_settings = {
+                     'headers': {
+                         'Content-Security-Policy': "default-src 'self' *.jupyter.org
+                     }
+                 }
-             See `Mozilla's guide to X-Frame-Options <https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options>`_ for more examples.
+             For a more thorough and accurate guide on Content Security Policies, check out
+             `MDN's Using Content Security Policy <https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Using_Content_Security_Policy>`_ for more examples.

General Comments 0

You need to be logged in to leave comments. Login now

No TODOs yet

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages