Frame-ancestors error while displaying in electron

Hi,

I’m now using self-hosted redash v8.0 installed by docker using all default settings. While the embedded dashboard works great on the Chrome browser, it will show an frame-ancestors error when displaying on our client built by the latest Electron:
Refused to display ‘http://10.10.75.139:5000/public/dashboards/Hnbzhib5Iumi4KXy6Uy12MGqtzjJYqWOJB4N990u?org_slug=default’ in a frame because an ancestor violates the following Content Security Policy directive: “frame-ancestors *”.

I’ve also tried redash v7.0 and it works fine with our client. However, the new parameter feature is really what I want. I guess the problem might be related to __init__.py files under (redash directory)/redash/settings because it is quite different between 7.0 and 8.0 and have a settings for the frame-ancestors on Line 121 in v8.0.

One way to reproduce the error in case you need: Clone the rocketChat elctron client. Goto github https://github.com/RocketChat/Rocket.Chat.Electron, clone the project, then run yarn and yarn start command. Add a frame and set source to the redash dashboard and it will report the same error.

Does anyone have ideas or suggestions? I can provide more detail if you need.

Thank you and keep up the good work.

I don’t have a direct answer for what’s causing this. But it probably came from this issue / PR:

This commit from February 2018 might be the culprit:

Updates: Finally. I figured out how to solve the problem. Change the (redash directory)/redash/security.py file Line 16, delete the frame-ancestors *. Also change the (redash directory)/redash/settings/__init__.py file Line 121, delete frame-ancestors ‘none’; then it works.