I tried to show dashboard on our internal web app using Iframe.
When using Chrome based browser (Edge or Opera) the dashboard is not shown up.
Its said "[URL] refused to connect." and in the browser console there is message "Refused to frame '[URL]' because an ancestor violates the following Content Security Policy directive: "frame-ancestors *".".
Everything is fine if I'm using Firefox.
Is there any problem with our metabase config or the problem lies on Chrome based browser ?
@bluematter Please post "Diagnostic Info" from Admin > Troubleshooting.
It's difficult to tell if it is a configuration problem or not, since there's not a lot of information to go on.
I'm guessing you're using https://www.metabase.com/docs/latest/administration-guide/13-embedding.html and you have defined Site URL in Admin > Settings > General correctly.
@bluematter Okay, so you are using Public Sharing, not Embedding.
I cannot reproduce, so I'm guessing it has something to do with your CSP headers - either where you have the iframe or if you have modified the headers that Metabase sends.
thanks for responding.
I think some how we solved the problem. For some unknown reason the Iframe won't show up if we opened the html file directly from chrome based browser. But if we deploy into our server then everything running well. Maybe it got something to do with how Chrome handle Iframe from local file.
@bluematter Yes, browsers has quite high security now compared to just a year or two ago. Developing locally with external components requires you to lower the security. But it's best to work with real domains and https, since you then avoid such problems.