A content security policy (CSP) is in place by default on all Litespeed servers. It can, however, result in javascript console errors such as:
Refused to frame 'https://www.youtube.com/' because it violates the following Content Security Policy directive: "frame-src 'self'".If you’re experiencing this problem, the CSP can be edited or removed in your application node layer at:
/var/www/conf/vhconf.xmlA tool such as https://report-uri.com/home/generate can be useful in generating a properly-formatted CSP header.
After modifying the vhconf.xml file, restart your application nodes to apply the change.