I’m trying to add Content Security Policy to my Gatsby x Netlify website through a _headers
file. Everything works fine, except for a Matterport iFrame that doesn’t want to be displayed. The error message I see in the console is
Refused to frame 'https://my.matterport.com/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self'".
In my headers file, I added the following X-Frame-Options:
X-Frame-Options: ALLOW-FROM https://*.matterport.com/
And I also have this frame-src
in my Content Security Policy:
frame-src 'self' https://www.youtube.com/ https://my.matterport.com https://matterport.com;
But the iFrames still look like this: Matterport iFrames not displaying
Can someone help me figure out what I’m doing wrong here?
Thank you!