Please let me know. I’m nginx.
ex)
a.mydomain.com > nextcloud site
b.mydomain.com > mattermost site
add_header X-Frame-Options "ARROW-FROM http://a.mydomain.com";
add_header Content-Security-Policy "default-src 'self' a.mycomain.com";
Even if I add the above to Mattermost’s nginx, it will be rejected.
It is blank if it is Chrome.
Below is Firefox.
Blocked by content security policy
An error occurred while connecting to b.mydomain.com.
This page has been canceled because it contains content that is prohibited to be read by the security policy.
Regards,