topic How to Allow Framing of CyberSource in iframe with CSP frame-ancestors Directive? in Integration and Testing https://community.developer.cybersource.com/t5/Integration-and-Testing/How-to-Allow-Framing-of-CyberSource-in-iframe-with-CSP-frame/m-p/91091#M57235 <P>I'm working on embedding a page from <A href="https://apitest.cybersource.com/" target="_blank" rel="noopener">https://apitest.cybersource.com/</A> in an iframe, but I'm encountering the following error:<BR />Refused to frame '<A href="https://apitest.cybersource.com/" target="_blank" rel="noopener">https://apitest.cybersource.com/</A>' because an ancestor violates the following Content Security Policy directive: "frame-ancestors <A href="https://example.com&quot;" target="_blank" rel="noopener">https://example.com".</A></P><P>It is restricting to show the div&nbsp;<SPAN>components that are replaced with&nbsp;&nbsp;</SPAN>Click to Pay Drop-In UI&nbsp;iframes<SPAN>.</SPAN></P><H3>What I’ve Tried:</H3><OL><LI><P><STRONG>Adding CSP Headers in Node.js:</STRONG> I attempted to modify the Content-Security-Policy header in my Express.js server:</P><DIV class=""><DIV class="">js</DIV><DIV class="">res.<SPAN class="">setHeader</SPAN>( <SPAN class="">'Content-Security-Policy'</SPAN>, <SPAN class="">"frame-ancestors 'self' <A href="https://example.com" target="_blank" rel="noopener">https://example.com</A> <A href="https://apitest.cybersource.com" target="_blank" rel="noopener">https://apitest.cybersource.com</A>;"</SPAN> );</DIV></DIV></LI></OL><P><BR /><BR /></P> Tue, 21 Jan 2025 10:55:40 GMT shivani_kumbhar 2025-01-21T10:55:40Z How to Allow Framing of CyberSource in iframe with CSP frame-ancestors Directive? https://community.developer.cybersource.com/t5/Integration-and-Testing/How-to-Allow-Framing-of-CyberSource-in-iframe-with-CSP-frame/m-p/91091#M57235 <P>I'm working on embedding a page from <A href="https://apitest.cybersource.com/" target="_blank" rel="noopener">https://apitest.cybersource.com/</A> in an iframe, but I'm encountering the following error:<BR />Refused to frame '<A href="https://apitest.cybersource.com/" target="_blank" rel="noopener">https://apitest.cybersource.com/</A>' because an ancestor violates the following Content Security Policy directive: "frame-ancestors <A href="https://example.com&quot;" target="_blank" rel="noopener">https://example.com".</A></P><P>It is restricting to show the div&nbsp;<SPAN>components that are replaced with&nbsp;&nbsp;</SPAN>Click to Pay Drop-In UI&nbsp;iframes<SPAN>.</SPAN></P><H3>What I’ve Tried:</H3><OL><LI><P><STRONG>Adding CSP Headers in Node.js:</STRONG> I attempted to modify the Content-Security-Policy header in my Express.js server:</P><DIV class=""><DIV class="">js</DIV><DIV class="">res.<SPAN class="">setHeader</SPAN>( <SPAN class="">'Content-Security-Policy'</SPAN>, <SPAN class="">"frame-ancestors 'self' <A href="https://example.com" target="_blank" rel="noopener">https://example.com</A> <A href="https://apitest.cybersource.com" target="_blank" rel="noopener">https://apitest.cybersource.com</A>;"</SPAN> );</DIV></DIV></LI></OL><P><BR /><BR /></P> Tue, 21 Jan 2025 10:55:40 GMT https://community.developer.cybersource.com/t5/Integration-and-Testing/How-to-Allow-Framing-of-CyberSource-in-iframe-with-CSP-frame/m-p/91091#M57235 shivani_kumbhar 2025-01-21T10:55:40Z