I am having a problem embedding pollunit onto a google site, the console error shows:
Refused to frame 'https://pollunit.com/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self' pollunit.com *.pollunit.com sites.google.com apis.google.com".
The site domain is https://sites.google.com/
I've tried whitelisting any combination of google.com sites.google etc. but none seem to get the job done… I'm using the google sites embed widget.
Any hints are welcome.
Thanks in advance,
Can you please send the direct link where the PollUnit is embedded to email@example.com? Then I can have a look.
Unfortunately the site is auth only and I am not allowed to share the access. Can we find out anything from the logs, e.g. to see exactly what domain the request is coming from so that I can whitelist it properly?
If you inspect the network requests, I think you should look for the "Referer" in the request headers of the network request that loads the iframe from PollUnit.
However, pollunit only allows me to input either sites.google.com or ecovadis.com (not sites.google.com/ecovadis.com) but none of them solve the issue…
I manually added "sites.google.com/ecovadis.com" to the allowed hosts. Can you try again if the embedding works now? And please don't change the allowed hosts now, because I think this entry might be rejected.
Ok, Sorry! I'm looking with a colleague tomorrow into this.
Thank you Philipp, much appreciated!
Sorry but we could not find out more. The easiest solution would be if you can give us access to a test page where you try the embedding. If you do so, please don't share it here in public, but send it to me by mail to firstname.lastname@example.org.
I am having the same sort of problem with embedding Pollunit on my Google Site. Was there a solution found?
We could not find a solution, because the embedded PollUnits where requested each time from a different frame ancestor. So we could not whitelist them. Unfortunately we can't do anything to fix this.