Skip to main content

Qlik

cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Adamkimm1
Contributor
‎2020-03-10 10:45 AM

Refuse to display iFrame due to frame-ancestor

I'm trying to embed a sheet, created on my qlikcloud instance, into a custom web app that I'm hosting locally (localhost:8080) but I'm getting the error "Refused to display [url] in a frame because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self' localhost:8080"."

 

As you can see form the error I've added a CSP policy for frame-ancestor with the origin "localhost:8080" but it doesn't seem to work. I've tried the creating a policy with "https://jsfiddle.net" just to see if it's some weird issue with localhost but that didn't work either.

 

I'm not sure if I'm misunderstanding how Qlik's CSPs work but it's seriously slowing me down.

 

2020-03-10_10-42-43.png

Labels (4)
Labels
17,165 Views
0 Likes
1 Solution

Accepted Solutions
han
Employee
‎2020-03-10 03:32 PM

Hi

Could you verify that your local server is using HTTPS since the CSP will enforce upgrade to secure connection. This is by design after discussions with our Security Experts.

 

And in the case of jsfiddle I think that the "IDE" is on that URL/Origin but the rendered viewport is in a IFRAME with some other URL/Origin (something like: https://fiddle.jshell.net)

View solution in original post

17,135 Views
3 Replies
han
Employee
‎2020-03-10 03:32 PM

Hi

Could you verify that your local server is using HTTPS since the CSP will enforce upgrade to secure connection. This is by design after discussions with our Security Experts.

 

And in the case of jsfiddle I think that the "IDE" is on that URL/Origin but the rendered viewport is in a IFRAME with some other URL/Origin (something like: https://fiddle.jshell.net)

17,136 Views
Adamkimm1
Contributor
‎2020-03-11 11:16 AM
Author

In response to han

Thanks Han! It was that my local server was on HTTP, rather than HTTPS. Not sure about the JSFiddle but not really interested at this point anymore.

For anyone wondering, I was able to make my local server run on HTTPS by changing start script to "HTTPS=true react-scripts start" (note: this was using create-react-app).

17,096 Views
david_hg96
Partner - Contributor III
‎2024-02-02 07:59 AM

In response to Adamkimm1

Thanks a lot @Adamkimm1 

 

3,291 Views
Top