The error I receive is:
Refused to frame 'https://www.youtube.com/' because it violates the following Content Security Policy directive: "default-src self". Note that 'frame-src' was not explicitly set, so 'default-src' is used as a fallback.
Here’s the link to the other post: Iframe in a Zoom app - Zoom Apps - Zoom Developer Forum
Where/how do I add a CSP header? And what should its contents be?