We’ve launched a new Help Center!

Visit the new Documentation space for Azure DevOps, monday.com, and Jira. Or, if you require any assistance or have any questions, please visit the new Customer Support Portal for Azure DevOps, monday.com and Jira.

Connection problem: refused to frame '' because it violates the following content security policy directive default-src

Officially Answered

Comments

1 comment

  • Avatar
    dev

    Hello, SImon

    Thank you for your message.

    This is the CSP policy restriction. CSP policies are blocking attempts at loading content from domains outside of the ones whitelisted in the CSP policy. To prevent this you need to add appropriate CSP header in your server IIS.

    Here the article about how to add header in IIS - https://www.reflections-ibs.com/blog/article/hardening-your-http-response-headers-in-iis-server-security-headers

    To allow loading all kind of content you can try to add header like - Content-Security-Policy: default-src *; style-src 'self' http://* 'unsafe-inline'; script-src 'self' http://* 'unsafe-inline' 'unsafe-eval'

    I strongly recommend studying this topic about CSP policy in more depth. I just gave you an example

    But the main cause may be http/https combination. Both TFS and Timetracker should have either http or https

    Best Regards

    Dmitrii Vavel

    0
    Comment actions Permalink

Please sign in to leave a comment.

Powered by Zendesk