Content Security Policy

Similarly to WordPress Composer and Elementor, our frontend Editor is using iframe to allow users to easily configure KB pages on the front-end.

If your website has setup  Contest Security Policy (CSP) and this policy is restrictive about iframes then our front-end KB Editor might experience issue loading due to configuration of the policy.

If your CSP does not allow to load KB page in an iframe then you will see error similar to this in your browser console:

Content Security Policy: The page’s settings blocked the loading of a resource at https:///your-kb-page/?preopen=settings (“frame-ancestors”).

You will need to add the domain with the Knowledge Base to the CSP so it could load part of itself in the iframe. 

 Update: if our Editor detects CSP error, it will try to load the frontend page with the following directive:

               header("X-Frame-Options: SAMEORIGIN");