
I am using an iframe to load the Looker dashboard in our Angular application, but I am getting the error below.

Refused to frame 'https://looker.lab.redseal.net:9999/' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'frame-src' was not explicitly set, so 'default-src' is used as a fallback.

Mr. Raj Kale

1 Answer


Your application publishes a default Content Security Policy with a default-src 'self' rule (only resources from the site's own domain are allowed). Therefore https://looker.lab.redseal.net:9999/ is not allowed.
I can guess this is a trick of the Helmet middleware: v4 switches the default CSP on, while v3 does not.

You can modify the CSP to default-src 'self'; frame-src https://looker.lab.redseal.net:9999; to allow this iframe. See helmet.contentSecurityPolicy(options) for details.

Or you can disable CSP altogether (this reduces security).

granty