BrowserPolicy.content.allowFrameOrigin Ignored

I’m trying to load the Wirdcard payment URL into an iFrame and it’s being blocked by Refused to display ‘’ in a frame because an ancestor violates the following Content Security Policy directive: “frame-ancestors”.

I have to pass in a frame-ancestor URL when creating the payment on the server which is our main URL, but since the Meteor App on Android and iOS is using “localhost”, it’s therefore creating the clash.

I’ve tried this on the server:

Meteor.startup(function () {

It’s completely ignored by the client. Is there anything else that I need to do to tell the iFrame to ignore the CSP?


1 Like

For cordova, please check this discussion.

This hasn’t helped as it looks like all it does is define CSP rules on the index page for Cordova. I’m wanting to force the Cordova browser to ignore the frame-ancestors rules.