Content-Security-Policy: frame-ancestors http://www.facebook.com;
k this is what i have coming through
do i need that entire url in the frame-ancestors?
- Refused to load https://www.facebook.com/v3.3/plugins/customerchat.php?app_id=&attribution=setup_tool&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D44%23cb%3Df17552615cec0a2%26domain%3Dgreatwestradon.com%26origin%3Dhttps%253A%252F%252Fgreatwestradon.com%252Ff1e38712eb50ffe%26relation%3Dparent.parent&container_width=0&locale=en_US&logged_in_greeting=Hi!%20Feel%20free%20to%20ask%20us%20a%20question%20as%20you%20explore!&logged_out_greeting=Hi!%20Feel%20free%20to%20ask%20us%20a%20question%20as%20you%20explore!&page_id=774170459596443&sdk=joey&theme_color=%23009bd1 because it does not appear in the frame-ancestors directive of the Content Security Policy.
but i'm still getting the error in Safari
coming through on the logo.svg request now as well
ok i've got this setup now via my htaccess file in the /public dir
ermmm..so frustrating..this makes no sense
you mentioned seeing CSP headers on that domain in the network tab...I can't see any, where did you see that?