When I try to open CODE in popup (iframe), I get following error:
Refused to frame ‘https ://oo.hlint.com/’ because an ancestor violates the following Content Security Policy directive: “frame-ancestors oo.hlint.com:* sl-test.hermonlabs.com:*”.
This is the form that I submit:
<form action="https://oo.hlint.com/loleaflet/d12ab86/loleaflet.html?WOPISrc=http://sl-test.hermonlabs.com:54321/wopi/files/56248" enctype="multipart/form-data" id="collabora-submit-form" method="post" novalidate="" target="collabora-online-viewer" ><input id="access-token" name="access_token" type="hidden" value="test"><input type="submit" value=""></form>
From what I see, CODE is adding both its own host and wopi host to frame-ancestors. For some reason, chrome doesn’t like it this way. Before I was using a trick and was loading CODE through IP instead of hostname. It was working somehow, but now I’ve got it running on appliance that only allows HTTPS, so I can’t run it through IP because SSL certificate won’t match.