exxbrain edited a comment on issue #560: Content-security-policy bug URL: https://github.com/apache/cordova-android/issues/560#issuecomment-531571399 Another case is submitting a form to an iframe: ``` <form action="http://www.ralfinter.ru/csp_test.php"; target="iframe" method="post" > <input type="submit"/> </form> <iframe name="iframe" width="400" height="400"><iframe> ``` In this case we can see that the "Origin" header is "null". <img width="403" alt="Screenshot 2019-09-15 at 17 45 22" src="https://user-images.githubusercontent.com/1011558/64923259-dbb18080-d7e0-11e9-8a56-ecc00d251e52.png";>
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
![https://user-images.githubusercontent.com/1011558/64923259-dbb18080-d7e0-11e9-8a56-ecc00d251e52.png"](https://user-images.githubusercontent.com/1011558/64923259-dbb18080-d7e0-11e9-8a56-ecc00d251e52.png"){kind=link}