Refused because X-Frame-Options set to sameorigin

Hello everyone,

we are using Metabase on-Prem (Pro plan) which is embedded in a web application via iframe.
In order to allow the web app users to configure their own dashboards we want to use the full-embedding Metabase capability but it conflicts with some CSP we are not allowed to modify.

The CSP conflict is resolved in this error:
"Refuse to display 'https://theauthenticationurl.something' in a frame because it set 'X-Frame-Options' to 'sameorigin'"

FYI we authenticate Metabase via SSO SAML (Keycloack) and it work perfectly in case of Signed Embed but it is blocked in case of Full embedding.

Did anyone ecnouter a similar case/problem? Do you have any suggestion?
Let me know if futher details are needed.

Thank you all

Hi, can you write to us to the support email so we can help you over there? remember that starter (cloud hosted) and Pro have support.