Refused to frame ‘https://eu-west-2.quicksight.aws.amazon.com/’ because an ancestor violates the following Content Security Policy directive: “frame-ancestors https://us-central1-myFunction.cloudfunctions.net”.
Hi and thank you for taking a look at my issue. I have read all the other topics posted on this issue but still haven’t been able to rectify it. This only applies to the Q Bar; my dashboards load fine in an iFrame in the same page.
I had this working without problems until I deleted my Topic and created a new one. I can confirm that I can retrieve the URL of the QBar just fine. I have also followed the advice of adding the CSP directive to my function (code below).
However, my assumption is this on my page’s server, which I am serving from Firebase hosting, and I have added a CSP response header there too, although it’s strange that this would now be required considering it worked before.
So, I am posting this in case I missed something when I created the new topic. Any advice would be really appreciated. Thank you…
const setCSPHeader = (response) => {
response.set('Content-Security-Policy', "frame-ancestors 'self' https://us-central1-myFunction.cloudfunctions.net https://eu-west-2.quicksight.aws.amazon.com");
};```