Iframe pdf from local-server is blocked

Hello, I wanted to display a PDF file from the local server using the new iframe function, but I can't see the document in Chrome and Edge (in firefox it works). Do you know what might be causing this?

Could it be related to the Jetty server having default-src 'none' set in the Content Security Policy? How could I change this? The document does show up in Firefox.

iframe on the Dashboard:

Result: this page is blocked by chrome

{
"browser-info": {
"language": "de-DE",
"platform": "Win32",
"userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36",
"vendor": "Google Inc."
},
"metabase-info": {
"databases": [
"h2",
"oracle",
"sqlserver"
],
"run-mode": "prod",
"plan-alias": "",
"version": {
"date": "2024-10-23",
"tag": "v0.51.1",
"hash": "b8178a8"
},
"settings": {
"report-timezone": null
},
"hosting-env": "unknown",
"application-database": "postgres",
"application-database-details": {
"database": {
"name": "PostgreSQL",
"version": "16.1"
},
"jdbc-driver": {
"name": "PostgreSQL JDBC Driver",
"version": "42.7.3"
}
}
},
"system-info": {
"file.encoding": "Cp1252",
"java.runtime.name": "OpenJDK Runtime Environment",
"java.runtime.version": "17.0.7+7-LTS",
"java.vendor": "Microsoft",
"java.vendor.url": "https://www.microsoft.com",
"java.version": "17.0.7",
"java.vm.name": "OpenJDK 64-Bit Server VM",
"java.vm.version": "17.0.7+7-LTS",
"os.name": "Windows Server 2019",
"os.version": "10.0",
"user.language": "de",
"user.timezone": "Europe/Berlin"
}
}

Is it possible chrome doesn't think the site is secure so it blocks it?

My guess is you should get a bunch of errors in the console tab of the developer tools