The application filters out frame-ancestors if it exists in content-security-policy but it doesn't check Content-Security-Policy (with uppercase for the first letter) which is the recommend style in most guides.
In our use-case, we integrate Jitsi with our Keycloak server as identity provider and it uses Content-Security-Policy. So, it doesn't work if the application doesn't have this update.
The application filters out
frame-ancestors
if it exists incontent-security-policy
but it doesn't checkContent-Security-Policy
(with uppercase for the first letter) which is the recommend style in most guides.In our use-case, we integrate
Jitsi
with ourKeycloak
server as identity provider and it usesContent-Security-Policy
. So, it doesn't work if the application doesn't have this update.