I’m trying to add Content Security Policy to my website through a
_headers file. Everything works fine, except for a Matterport iFrame that doesn’t want to be displayed. The error message I see in the console is
Refused to frame 'https://my.matterport.com/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self'".
The page on which this error occurs is: https://3dvr.netlify.app/projets
In my headers file, I added the following X-Frame-Options:
X-Frame-Options: ALLOW-FROM https://*.matterport.com/
And I also have this
frame-src in my Content Security Policy:
frame-src 'self' https://www.youtube.com/ https://my.matterport.com https://matterport.com;
Can someone help me figure out what I’m doing wrong here?