Hi guys,

I have this page in Reactive, which contains an iframe. Everything looks good, except in Safari.

There is a functionality in the iframe's page that allows downloading a file. It works in all browsers except Safari, which returns the error "Refused to load .... because it does not appear in the frame-ancestors directive of the Content Security Policy."

So, going through internet, I see that I need to add in the Head the following "Content-Security-Policy: frame-ancestors http://iframeurl".

According to here I cannot do it in a meta tag for frame-ancesters which is what I need. It needs to be something else, but so far I couldn't figure out.

Also, I cannot use the AddHeader from HTTPRequestHandler extension because this is Reactive, or at least, it didn't work which I suppose it is because its reactive.

Have any of you guys experienced something familiar? Got into a solution?

I was looking for a script to add a tag into DOM, but with no success either.

I appreciate any input you might have.

Thank you,


Hi Nelson,

You should be able to configure content security policy in Lifetime.

Tiago Simões

Hey Tiago,

thank you for your answer, actually Litetime creates a meta element, which is not allowed for the "frame-ancestors" property, unless I'm not seeing it correctly.

Anyway, today I figured that the issue was not in the Reactive page, but in the page inside of the iframe, so the change was needed to be done in the iframe's page's platform. It was just a matter of going to that platform configurations and allow embedding in an iframe. I did it and it worked. The curious thing is that this change is not needed for other browsers, only Safari.

Thank you,