I’m unable to load an iframe inside the web application. It was working fine till date, and out of the blue I started facing this issue:
In place of the iframe, it says: This content is blocked. Contact the site owner to fix the issue.
the console says:
Refused to frame ‘LOCAL_HOST_URL’ because it violates the following Content Security Policy directive: “frame-src ‘self’ ‘WALKME_URL’ ‘COMPANY_URL’ ‘ANOTHER_LOCAL_HOST_URL’ blob: data: ‘MICROSOFT_LOGIN_URL’ ‘KBMAX_URL’ ‘ONE_ANOTHER_URL’ ‘ATLASSIAN_URL'”.
It is an Angular web application with .NET for the backend.
I tried updating the Content Security Policy (CSP) in project’s index.html
file to allow framing of ‘LOCAL_HOST_URL’.
<meta http-equiv=”Content-Security-Policy” content=”default-src ‘self’; frame-src ‘self’ ‘WALKME_URL’ ‘COMPANY_URL’ ‘ANOTHER_LOCAL_HOST_URL’ ‘LOCAL_HOST_URL’ blob: data: ‘MICROSOFT_LOGIN_URL’ ‘KBMAX_URL’ ‘ONE_ANOTHER_URL’ ‘ATLASSIAN_URL’ “>