I’m trying to load the Wirdcard payment URL into an iFrame and it’s being blocked by Refused to display ‘https://wpp-test.wirecard.com/seamless’ in a frame because an ancestor violates the following Content Security Policy directive: “frame-ancestors https://example.com”.
I have to pass in a frame-ancestor URL when creating the payment on the server which is our main URL, but since the Meteor App on Android and iOS is using “localhost”, it’s therefore creating the clash.
I’ve tried this on the server:
Meteor.startup(function () {
BrowserPolicy.content.allowFrameOrigin("https://wpp-test.wirecard.com/");
});
It’s completely ignored by the client. Is there anything else that I need to do to tell the iFrame to ignore the CSP?
Thanks!