I am trying to set up a site that uses a plugin to make some pages on my site into a mobile app. The site is giving me an error “a frame because an ancestor violates the following Content Security Policy directive: “frame-ancestors ‘self’”.” I know that having the frame-ancestors set to self does not allow subdomains.
{% extends 'roles/nginx/templates/nginx.conf.j2' %}
{% block server_basic -%}
{{ super() }}
add_header Content-Security-Policy "default-src 'none'; script-src https://{{ site_hosts_canonical | join(' https://') }};
{% endblock %}
I have this set in my nginx-includes directory for my subdomain config js file and the server configuration settings don’t get set.