In the example above, the declaration frame-src 'self' prevents declarations are set to a very strict level and will, among other things, prevent the embedding of external content using, for example, Oembed. This is the strictest setting for this property. If you want to allow the embedding of external content in the backend backend environment, you need to relax this ruleone or more of these rules. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy for more information. |