I'm using Metabase as signed embedded on my web application.
I've set up a click behavior with 'custom destinations' to move the user from one dashboard to another. the custom destinations work perfectly fine on Metabase app, but not on embed mode.
The error we're getting is:
Refused to frame 'https://metabase.example.com/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'none'"
With custom destination you do not set the url, you set up a click behavior that is linked to another dashboard. thing is that when you use signed embedded you encode parameters and send them as a token. this is not the behavior on embed