I'm running an OpenLiteSpeed server and would like to only allow webpages that start with a specific url on my site (e.g. https://example.com/video/**) to be iframed by others. (I want to allow anyone to add an iframe to their site, but they can only iframe https://example.com/video/**)
I added this line to my headers Content-Security-Policy "frame-ancestors 'self' https://example.com/video/", but the iframe (placed on another domain) won't load, and I get this error in console: Refused to frame 'https://example.com/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self' https://example.com/video/".. I also tried without 'self' and it still didn't work.
I would really appreciate if someone can assist me with this!
Thanks!
