I’m currently working on a zoom app that is able to host any website capable of Iframe functionality within the zoom app; as an Iframe. My current issue is that I keep on getting a content restriction message whenever trying to load this iframe with the zoom app hosted. I have set the allow list to the correct web domain along with setting the frame-src to the correct address; all of this with no avail still getting the same CSP restriction with the frame-src routing to “self”.
208 Refused to frame ‘https://www.w3schools.com/’ because it violates the following Content Security Policy directive: “default-src ‘self’”. Note that ‘frame-src’ was not explicitly set, so ‘default-src’ is used as a fallback.
Although the above says I didn’t set the frame-src in my web app there is the proper meta tags doing such.
Thank you for any help in advance!