擅长:python、mysql、java
<p>解决方案是直接在路由上增加一个<code>frame-ancestors</code>头,而不是在某些浏览器(inc chrome)中优先使用。在</p>
<pre><code># assume a csp dict exists
@talisman(frame_options=ALLOW_FROM,
frame_options_allow_from='*',
content_security_policy={**csp, 'frame-ancestors': ['*']})
def flask_route():
# individualised route
</code></pre>