From ad93a7c3521b9499b57ece8998f871187e6c18e7 Mon Sep 17 00:00:00 2001 From: Preston Goforth
Date: Fri, 2 Jun 2023 14:23:01 -0400 Subject: [PATCH] chore: Add `child-src` and `frame-src` to optional CSP directive allow table --- docs/guides/references/experiments.mdx | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/docs/guides/references/experiments.mdx b/docs/guides/references/experiments.mdx index 30b4443ef2..31293839ac 100644 --- a/docs/guides/references/experiments.mdx +++ b/docs/guides/references/experiments.mdx 
@@ -71,14 +71,16 @@ The following CSP directives will always be stripped: When `experimentalCspAllowList=true` the following directives will also be stripped in addition to the ones listed above: -| Stripped Directive | Allowable | Reason | -| ------------------ | --------- | ---------------------------------------------------------------- | -| `default-src` | Yes | Conditionally prevents Cypress from loading scripts and running. | -| `sandbox` | Yes | Can restrict access to script and iframe functionality. | -| `form-action` | Yes | Can prevent Cypress from monitoring form events. | -| `navigate-to` | Yes | Affects Cypress' ability to navigate to different URLs. | -| `script-src` | Yes | Conditionally prevents Cypress from loading scripts and running. | -| `script-src-elem` | Yes | Conditionally prevents Cypress from loading scripts and running. | +| Stripped Directive | Allowable | Reason | +| ------------------ | --------- | ----------------------------------------------------------------------------- | +| `child-src` | Yes | Could prevent iframes from loading in combination with other Cypress options. | +| `default-src` | Yes | Conditionally prevents Cypress from loading scripts and running. | +| `frame-src` | Yes | Could prevent iframes from loading in combination with other Cypress options. | +| `form-action` | Yes | Can prevent Cypress from monitoring form events. | +| `navigate-to` | Yes | Affects Cypress' ability to navigate to different URLs. | +| `sandbox` | Yes | Can restrict access to script and iframe functionality. | +| `script-src` | Yes | Conditionally prevents Cypress from loading scripts and running. | +| `script-src-elem` | Yes | Conditionally prevents Cypress from loading scripts and running. | #### Allow Specific CSP Directives
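Review bot: The reason given in the two added rows, `child-src` and `frame-src`, is "Could prevent iframes from loading in combination with other Cypress options." It does not say which options, so a reader cannot tell when stripping these directives matters for their tests. Name the options or link to their entries. Since both directives restrict which frames a page may load, the row should also make clear that a stripped directive is not enforced on the application under test, so a reader who wants frame restrictions exercised in tests knows to allow them. Two smaller points on the same rows: the table is otherwise re-sorted alphabetically (`sandbox` now follows `navigate-to`), but `frame-src` is placed before `form-action`, so swap those two rows. The new rows also use "Could prevent" where the existing rows use "Can prevent", so pick one wording.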