Connect Card: Adding domain to the frame-ancestors Content Security Policy
Could you please add http://localhost:8000, *.carta.team, and *.carta.com ?
We are trying to embed connect card in iframe, but getting CSP cors issue.
Log from console: Framing 'https://fivetran.com/' violates the following Content Security Policy directive: "frame-ancestors 'self' https://www.fivetran.com https://support.fivetran.com". The request has been blocked.
I was not able to locate a field in setting where I can add allowed domains.
If you could either point me to the right page, or if you can add the above domains, it'd be greatly appreciated.
Thanks
-
Official comment
Hi Kyungjoon,
This is Ryan, the PM for Powered by Fivetran. We unfortunately don't allow you to embed connect cards in iframes to prevent clickjacking. As a result, we're deliberately blocking these requests and don't currently have plans to change this. We will keep this on our radar though.
Ryan Waldorf
Senior Product Manager, Developer Experience
Please sign in to leave a comment.
Comments
1 comment