Question regarding “Content-Security-Policy”


I have setup ownCloud both on a shared hosting and on a private server and what I would like is to add a iframe to the public download page.

I’ve editted …/apps/files_sharing/templates/public.php to add my iframe code for my facebook page, but it stays white and doesn’t load.

Chrome console states the following:
Refused to frame ‘[FB LINK HERE]’ because it violates the following Content Security Policy directive: “frame-src ‘self’”.

owncloud-forum is here:

But at the moment you can only completely remove the CSP-headers from the code by hand. There was a topic recently on the owncloud forum (solution for NC would be the same).

Ooops… I meant NextCloud, I just upgraded when I made the post :smiley: