Error: "Refused to frame domain.com because it violates the following Content Security Policy directive"

A content security policy (CSP) is in place by default on all Litespeed servers. It can, however, result in javascript console errors such as:

Refused to frame 'https://www.youtube.com/' because it violates the following Content Security Policy directive: "frame-src 'self'".

If you're experiencing this problem, the CSP can be edited or removed in your application node layer at:

/var/www/conf/vhconf.xml

A tool such as https://report-uri.com/home/generate can be useful in generating a properly-formatted CSP header.

After modifying the vhconf.xml file, restart your application nodes to apply the change.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Still need help? Contact Us Contact Us