I need to add a link able to access frames on Frame-ancestors, by default only contains:

self

gap:



where do i add the link to my domain?

Solution

If you are trying to set the Content-security-policy directive, one way to do that is:

  1. Add a reference to the AddHeader action of the HttpRequestHandler Producer module.
  2. In the Preparation of your screen, drag a Server Action node into the flow, and set it to use the AddHeader action from step 1. 
  3. Set the Name input parameter to "Content-Security-Policy".
  4. Set the Value input parameter to "frame-ancestors" where you replace with the correct source you want to have access. For a domain, you should use something like https://subdomain.mydomain.com (you can also use * as a wildcard). Do not use quotes around the URL. For specific named values (self/none), use single quotes, i.e. 'none'.

See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors for more info on valid values.

Solution