Reputation: 35
iFrame says "Refused to frame 'xx.xx' because an ancestor violates the following Content Security Policy directive: "frame-ancestors https://xx.xx"."
I'm trying to connect to play.google.com in my website iframe and I'm receiving this error:
Refused to frame 'https://play.google.com/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors https://play.google.com".
Am I missing some thing??
Here is the code:
Here is the error:
Can I do something so that I can work?
The code reference which I took from google is here.
I was trying to render the iframe after using Android Management API. What I was expecting is when I open the url directly in new tab then it's working but when I try to open in iframe it's not working. It should work in iframe!
Upvotes: 0
Views: 1438
Answers (1)
Reputation: 191
This problem can occur when you render the Managed Configurations iframe over an ‘http’ (unsecure) connection. I suggest you embed your iframe with an ‘https’ (secure) connection to prevent cross-site scripting attacks. I tested this locally, and swapping to ‘https’ resolved the issue in my tests.
Upvotes: 1
Related Questions
- Content Security Policy directive: "frame-ancestors 'self'
- content security policy frame-ancestors
- Content Security Policy frame-ancestors. Iframe wont load content in iOS10
- "Content-Security-Policy", "frame-ancestors *" from android_asset
- Refused to frame because an ancestor violates the following Content Security Policy directive: "frame-ancestors
- Embedding an Iframe having CSP 2.0 in a mobile app: "frame-ancestors" issue
- Refused to display in a frame
- Android iframe bug
- Getting around X-Frame-Options DENY in an Android WebView
- iframe on Android browser issue