Hi - I have a site with an Access policy In front of it. This site is embedded in an iframe but doesn’t work due to the following error:
Refused to frame 'https://XXXX.cloudflareaccess.com/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'none'".
I’ve used Fiddler, and when I hit my app, I get 302 redirected to the cloudflare access portal above (which is to be expected), but frame-ancestors header comes back as:
frame-ancestors 'none'; connect-src http://127.0.0.1:*; default-src https: 'unsafe-inline'
I can’t find any setting for me to alter this, so I’m guessing CF is enforcing it through Access? I am struggling to create a ticket at the moment so hopefully someone can help with this.
Thanks in advance