CSP sources no URL scheme is specified note

[swilliamsui]

MDN URL: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-src#sources

What information was incorrect, unhelpful, or incomplete?

How protocols without a scheme are treated is unclear. The frame-ancestors#sources note in yellow is much more clear.

Specific section or headline?

"Sources" -> "< host source >"

What did you expect to see?

Yellow box should be applied to all relevant locations.

Did you test this? If so, how?

N/A

[NegiAkash890]

Can someone please explain the issue further ? I think that I can fix the issue .

[CreaTorAlexander]

Yellow box should be applied to all relevant locations.

@swilliamsui what would you expect to have as relevant locations?

[sideshowbarker]

To whoever works on this:

The root cause of this is that the source of https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-src#sources is transcluded from https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/default-src#sources using the page() macro mechanism described in https://developer.mozilla.org/en-US/docs/MDN/Structures/Macros/Other#transclusion.

So a possible solution is to remove that page() macro call, and replace it with actual content in the source of the https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-src article itself.

The downside of that is that we end up duplicating quite a bit of content.