How to set CSP: frame-ancestors

Hello friends,

I was trying to embed a website of mine into my Figma plugin, but I come across this error:

Then I added some response headers to my backend code for the website:

But the error still keeps appearing. Does anyone have any idea?

How are you trying to embed it? Don’t draw another iframe, set the window.location to your site.

Yes, I did draw another iFrame, is there any way to make it work? And if there’s not, can you tell me why?

I don’t know but I would guess you can’t embed a website iframe in a “non-website” iframe that a Figma plugin window is (I don’t know the technical terms/differences for these). So you first need to use window.location to turn the outer iframe into a real website iframe (so it has a URL) and then you may be able to embed another iframe in it.

1 Like