ok provato così:
codice:
<!DOCTYPE html>
<html lang="it">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta http-equiv="X-UA-Compatible">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta http-equiv="Content-Security-Policy" content="frame-src http://testallergeni.demsupermercati.local/#/1">
<title>Test</title>
<script src="js/script.js"></script>
</head>
<body>
<iframe src="http://www.sito.local/#/1" title="Test"></iframe>
</body>
</html>
questo quello che ho in console:
codice:
The source list for Content Security Policy directive 'frame-src' contains a source with an invalid path: '/#/1'. The fragment identifier, including the '#', will be ignored.
about:blank:1 The source list for Content Security Policy directive 'frame-src' contains a source with an invalid path: '/#/1'. The fragment identifier, including the '#', will be ignored.
chromewebdata/:1 Refused to display 'http://www.sito.local/' in a frame because it set 'X-Frame-Options' to 'sameorigin'.
il problema dell'hashtag ok dipende anche da angular, magari posso risolverlo a monte.
ma cmq mi blocca se ho capito bene!