Appreciate the details.
I will check with my SharePoint admin on the "AllowFraming" setting.
For now, as a workaround, I implemented it to open the link in a new tab using your attachment in reply to another post.
Original Message:
Sent: Fri December 08, 2023 09:58 AM
From: Jim Boland
Subject: Custom Extension - refusing to connect to sharepoint in iFrame
Hi James,
This is actually caused by the SharePoint side and not the Cognos side. Your SharePoint server is setting headers in its response (e.g. Content-Security-Policy header, specifically the frame-ancestors directive or the X-FRAME-OPTIONS header) to tell the browser that this content is not allowed to be displayed inside an iFrame. This is the default behavior for SharePoint. If you have administrative access to this SharePoint server, you can change this for the respective webparts that you want to allow to be embedded by setting its "AllowFraming" value in SharePoint. (Microsoft recommends against doing this, because some of the behaviour in the embedded webpart may not function properly when run in an iFrame (more details here).)
Some people also try tackling things like this (and other issues like CORS restrictions) by proxying the respective content through a server call (which effectively just proxies the request to your server (in the same domain as your webpage) to make the call to the remote content; since it is from your server, browser restrictions like CORS and frame-ancestors policies aren't applicable), but this can be problematic/tricky with secondary calls from the embedded content, which might also need to be proxied (there's a bit of discussion on this in the comments of this item).
You can read more about the frame-ancestors policy here.
------------------------------
Jim Boland
LinkedIn: https://www.linkedin.com/in/jimboland
Website: https://coreinsightz.com
Email: jimboland@coreinsightz.com
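As an added illustration of the header check described in the reply above (not code from the original posts, from Cognos or from SharePoint), this models how a browser decides whether a page may frame a response: a frame-ancestors directive is evaluated first, and X-FRAME-OPTIONS only applies when that directive is absent. The embedding origin cognos.example.com and the sample policy are constructed, and the source matching is simplified as noted in the comments.

```javascript
// Simplified model of the browser's framing check (one level of embedding;
// host-source paths, ports and the scheme of scheme-less hosts are not compared).
function parseFrameAncestors(csp) {
  // Source list of the first frame-ancestors directive, or null if absent.
  for (const directive of (csp || '').split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') return sources;
  }
  return null;
}

function sourceMatches(source, embedder, resource) {
  const s = source.toLowerCase();
  if (s === "'none'") return false;
  if (s === '*') return true;
  if (s === "'self'") return embedder.origin === resource.origin;
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return embedder.protocol === s; // e.g. https:
  const m = s.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)/);
  if (!m) return false;
  const [, scheme, host] = m;
  if (scheme && embedder.protocol !== scheme + ':') return false;
  // "*.example.com" covers subdomains only, not example.com itself.
  if (host.startsWith('*.')) return embedder.hostname.endsWith(host.slice(1));
  return embedder.hostname === host;
}

function framingAllowed(headers, embedderUrl, resourceUrl) {
  const embedder = new URL(embedderUrl);
  const resource = new URL(resourceUrl);
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  const ancestors = parseFrameAncestors(h['content-security-policy']);
  if (ancestors !== null) {
    // When frame-ancestors is present, X-Frame-Options is ignored.
    return ancestors.some((src) => sourceMatches(src, embedder, resource));
  }
  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return false;
  if (xfo === 'SAMEORIGIN') return embedder.origin === resource.origin;
  return true; // no framing restriction sent
}

// Constructed sample: a policy of the shape shown in the console error in this thread.
const SAMPLE = { 'Content-Security-Policy': "frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com" };
const RESOURCE = 'https://company.sharepoint.com/';
console.log(framingAllowed(SAMPLE, 'https://cognos.example.com/', RESOURCE)); // false
console.log(framingAllowed(SAMPLE, 'https://teams.microsoft.com/', RESOURCE)); // true
```

Running the same function against the headers your own SharePoint response returns (copied from the browser's network tab) shows whether the embedding origin is covered before anyone changes a server setting.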
Original Message:
Sent: Thu December 07, 2023 11:18 AM
From: James Smith
Subject: Custom Extension - refusing to connect to sharepoint in iFrame
We have a custom extension that opens a link in an iFrame inside Cognos.
Clicking on the extension shows this message:
Refused to connect to company.sharepoint.com
I found the message below upon inspecting the webpage:
Refused to frame 'https://company.sharepoint.com/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self' teams.microsoft.com .teams.microsoft.com, .skype.com, .dynamics.com, ....,securebroker.sharepointonline.com".
Has anyone encountered a similar error? How can it be resolved?
------------------------------
James Smith
------------------------------