I try applying the changes in legacy, .htaccess, ContentSecurityPolicy.php, all dont work. Finally I change in apache httpd.conf, add this
Header set Content-Security-Policy “frame-ancestors ‘self’ *.mydomain.etc;”
It works for me now. More details are here
https://helpcenter.onlyoffice.com/server/integration-edition/third-party-domains.aspx