How to remove the frame-ancestors error message in Magento 2.4?

If you get the following error message in the Google Chrome console: "The Content-Security-Policy directive frame-ancestors does not support the source expression unsafe-inline", what can you do to remove it?

First, we should mention that as of the 2.4.3 release, this is still a known issue with Magento: https://devdocs.magento.com/guides/v2.4/release-notes/open-source-2-4-3.html#known-issues. So, at best, all we can do is a temporary fix.

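The solution involves creating our own module that extends the Magento_Csp module. In its etc/config.xml file we override the frame-ancestors policy and set its inline flag to 0, so that unsafe-inline is no longer emitted for that directive. frame-ancestors only accepts host sources, scheme sources, 'self' and 'none', so browsers already ignore unsafe-inline there and removing it does not loosen the policy. At a minimum, the file would look like this: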

<?xml version="1.0"?>
<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Store:etc/config.xsd">
    <default>
        <csp>
            <policies>
                <storefront>
                    <frame-ancestors>
                        <inline>0</inline>
                    </frame-ancestors>
                </storefront>
                <admin>
                    <frame-ancestors>
                        <inline>0</inline>
                    </frame-ancestors>
                </admin>
            </policies>
        </csp>
    </default>
</config>

Then we run:

bin/magento setup:upgrade

In developer mode, that would be sufficient. In production mode, you will need to deploy the static content as well.

Now, if we look at the Google Chrome console again, we will notice that the error message is gone.
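
To check the header value itself rather than rely on the console, the following added example (not part of the original post) lists the source expressions that frame-ancestors does not support in a given policy string. The function name and the sample header values are constructed for illustration; on a live store you would pass in the value of the Content-Security-Policy or Content-Security-Policy-Report-Only response header.

```shell
#!/bin/sh
# Added example. frame-ancestors accepts only host sources, scheme sources,
# 'self' and 'none'; every other quoted keyword is unsupported there.

# unsupported_frame_ancestors_sources "<CSP header value>"  (hypothetical helper)
# Prints each unsupported source, one per line; exit status 1 if any was found.
unsupported_frame_ancestors_sources() (
    set -f                          # sources such as *.example.com must not glob
    status=0
    IFS=';'
    for directive in $1; do
        IFS=' '
        set -- $directive           # $1 = directive name, the rest = its sources
        [ "$#" -gt 0 ] || continue  # empty segment, e.g. after a trailing ';'
        name=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
        [ "$name" = "frame-ancestors" ] || continue
        shift
        for src in "$@"; do
            kw=$(printf '%s' "$src" | tr '[:upper:]' '[:lower:]')
            case $kw in
                "'self'"|"'none'") ;;                    # allowed keywords
                "'"*) printf '%s\n' "$src"; status=1 ;;  # any other keyword
            esac
        done
    done
    exit "$status"
)

# Constructed sample header values (not captured from a real store).
SAMPLE_BEFORE="default-src 'self'; frame-ancestors 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'"
SAMPLE_AFTER="default-src 'self'; frame-ancestors 'self'; script-src 'self' 'unsafe-inline'"

for sample in "$SAMPLE_BEFORE" "$SAMPLE_AFTER"; do
    if bad=$(unsupported_frame_ancestors_sources "$sample"); then
        echo "OK: frame-ancestors has no unsupported sources"
    else
        echo "Unsupported in frame-ancestors: $bad"
    fi
done
```

Only the frame-ancestors directive is inspected, so unsafe-inline in script-src is not reported.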
