Content Security Policy violation

[hobot43]

Has anyone ever come across this:

Refused to display 'https://us-east-...' in a frame because an ancestor violates the following Content Security Policy directive: "frame-ancestors https://www.[url].com".

The embed URL returns fine, and works in its own browser. I have added headers to my nginx.conf file like: add_header Content-Security-Policy "frame-ancestors https:";

[ajkulkarni]

Have you whitelisted your domain in QuickSight? Follow this doc: https://docs.aws.amazon.com/quicksight/latest/user/approve-domain-for-dashboard-embedding.html

[hobot43]

Oh geez you win again. I had whitelisted the www. version but not the one without it.

[evolving-zd]

I have whitelisted my domain in QuickSight (include subdomains), but I still got similar errors:

"Refused to frame 'https://us-west-2.quicksight.aws.amazon.com/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'none'"."

Could you advise