Unfortunately the X-Frame-Options: sameorigin header seems to win over a
Content-Security-Policy: frame-ancestors right now, so I am forced to
remove the X-Frame-Options header and add a CSP header even though it
only works for some web browsers.

I can confirm, same error in Chrome 60. Here is the link to the Google
page that explains that change (and confirms that it was released in
Chrome 60): https://www.chromestatus.com/feature/4678102647046144 Trying
a Content-Security-Policy header to fi...