Hi Team,I am trying to preview Excel files, but I am encountering an error in the browser console:"Refused to frame 'https://view.officeapps.live.com/' because it violates the following Content Security Policy directive: 'frame-src 'self' gap:'."When the Content Security Policy is disabled, it works fine, but when enabled, it doesn't.Could you please assist me in resolving this issue?
Hi Ranjeet,
What configurations do you have in Content Security Policy? I think you'll need to add the link you're trying to access https://view.officeapps.live.com/
Hi @Beatriz Sabino
And if you add just the link, that won't solve the issue? Also don't forget to delete the ";"
Hi @Ranjeet Singh
In your case, Excel preview fails because Office Online Viewer is loaded inside an iframe.
CSP blocks view.officeapps.live.com. Disabling CSP works because iframe restrictions are removed.
The fix would be is to explicitly allow that domain in frame-src.