
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Impossible to embed iframes because of CSP ancestor policy
I need to embed a Qlik Sense App in an external webpage (mashup), accessible without authentication.
According to this:
https://community.qlik.com/t5/Knowledge/Qlik-Sense-SaaS-does-not-display-in-a-frame-because-an-ances...
"The correct way is to add the hostname of the server that hosts the mashup as frame-ancestors in Content Security Policy in the console".
I set up a CSP policy with such hostname (I tried different combinations: the techinical hostname of the Linux server, the public domain, and the subdomain which is the one actually serving the iframe), but in all cases the error in the JS console is the same:
So, why "none"? Shouldn't it be the hostname that I specify?
Anyway, as stated at the beginning, I just need a way to embed an iframe without asking for user login. Thank you and kind regards.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This suggests that there may be something else that is injecting the CSP header and overwriting the Qlik Sense setting.
Are you able to try connecting using a different net connection or outside of a VPN?

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
We tried with different locations and there is no VPN involved.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can you share what CSP you have entered in the console?
