For additional context I am trying to run the cms locally for development purposes. I have it configured to use a self signed cert. I have HTTPS working for the site and cookies are not being blocked by the browser. I have also added the CMSAdminCookiesSameSiteNone to my web.config file. When I select a page to open the preview it makes a request to our development domain and returns the error: 'Refused to frame 'https://development.obfusticatedDomainName.com/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self'".'
'Refused to frame 'https://development.obfusticatedDomainName.com/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self'".'
I am attempting to setup my dev environment and have not been able to get it running thus yet. Let me know if you require additional information.
Edit: I believe the error is arising from the cross-site request (localhost -> development) but I can't seem to find where this request is being handled. The network request is made under the following: https://development.obfusticatedDomainName.com/KenticoCookiePolicyCheck?origin=https%3a%2f%2flocalhost&cookieName=KenticoCookiePolicyTest&cookieValue={obfusticatedCookieValue}
https://development.obfusticatedDomainName.com/KenticoCookiePolicyCheck?origin=https%3a%2f%2flocalhost&cookieName=KenticoCookiePolicyTest&cookieValue={obfusticatedCookieValue}
Isn't it possible that you have some CSPs set in the web.config files and you forgot to remove/update them to match your local development domains?
@Juraj No luck. Changing the CSP's doesn't actually affect the request that's being made. Regardless of the CSP it will use the same Headers. Looks like the middleware is overwriting the web.config file. For more context we are on Kentico 13.0.97 and x.x.98 references some changes to fix a very similar or the same issue. Any ideas?
This is really hard to tell without being able to reproduce the issue. Way too many unknown variables. It might be also something on the network, IIS setup - some request filtering verbs might be not allowed.
Please, sign in to be able to submit a new answer.