Forum Discussion
Why do some webpages refuse to connect
I am looking to use the Web object functionality to send users to an internal survey site. When I have published my test storyline file, that item returns a message that says the site 'refused to c...
Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross-Site Scripting (XSS) and data-injection attacks. These attacks are used for everything from data theft to site defacement to distribution of malware. A primary goal of CSP is to mitigate and report XSS attacks. XSS attacks exploit the browser's trust of the content received from the server. Malicious scripts are executed by the victim's browser because the browser trusts the source of the content, even when it's not coming from where it seems to be coming from (like from within an iFrame).
Your internal survey site and/or your own hosting site may have set a CSP frame-ancestors directive, which specifies valid parents that may embed a page using the <frame>, <iframe>, <object>, <embed>, or <applet> tags.
