I want to add iframe in my app,but was rejected

Hi @Mockplus,

It looks like your Server is returning a CSP header that does not permit the browser to display your page as an iframe. You need to correctly set the frame-src value of your Content-Security-Policy header.


hello Sven, Thank you very much for your answer.

I built an app with forge.I want to use iframe to embed my own website. then,prompt me the error in the first picture above,should I make relevant CSP settings on my own website?

1 Like

Sorry, I was completely oblivious to the fact that you’re doing this in Forge!

In that case you’d of course need some way to set this in Forge but it looks like you can currently only control the CSP for images and styles. Hopefully someone from Atlassian will chime in to tell us whether they’re working on providing us further control over the Custom UI CSP values.



Anyway, thank you very much, and hope that someone from Atlassian will pay attention to my question.

@Mockplus - welcome, glad you made the jump from Atlassian Community to Atlassian Developer Community!

Hi @Mockplus ,

Currently, there’s no way to specify iframes and have them bypass the Forge Content Security Policies.

What use case are you trying to achieve? One alternative would be to specify your domains inside client permissions. This gives you the ability to make a window.fetch call to the site, and you can embed or display the HTML response.