Log inSign up
jeffreyyoung

jeffreyyoung

iframe-csp-test

Public
Like
iframe-csp-test
Val Town is a collaborative website to build and scale JavaScript apps.
Deploy APIs, crons, & store data – all from the browser, and deployed in milliseconds.
Sign up now
Code
/
README.md
Search
8/17/2025
Viewing readonly version of main branch: v5
View latest version
README.md

CSP Iframe Test

This is a simple website for testing Content Security Policy (CSP) permissions with iframes.

Features

  • Displays a webpage with text "Below is an iframe"
  • Contains an iframe with srcdoc content that has:
    • Blue background
    • Black text saying "hello from iframe" (styled in blue)
  • Served with CSP header: frame-src 'none'

Structure

  • /frontend/index.html - Main HTML page with embedded iframe
  • /backend/index.ts - Hono server that serves the HTML with CSP headers

Testing CSP

The website is served with Content-Security-Policy: frame-src 'none' header, which should block iframe loading from external sources. However, srcdoc iframes may behave differently depending on the browser's CSP implementation.

Usage

Visit the HTTP endpoint to see the iframe test in action and observe how the browser handles the CSP policy with srcdoc iframes.

FeaturesVersion controlCode intelligenceCLIMCP
Use cases
TeamsAI agentsSlackGTM
DocsShowcaseTemplatesNewestTrendingAPI examplesNPM packages
PricingNewsletterBlogAboutCareers
We’re hiring!
Brandhi@val.townStatus
X (Twitter)
Discord community
GitHub discussions
YouTube channel
Bluesky
Open Source Pledge
Terms of usePrivacy policyAbuse contact
© 2026 Val Town, Inc.