Unable to use iframe in chrome

I tried to load a query visualization via the iframe link, and it only worked with Firefox. Other browsers such as Chrome and Edge show the below error:
" refused to connect."
Additionally, I tried to change some configurations in init.py and security.py files in the docker container.

I’m using the Redash docker container.


I faced the same issue when I upgraded to chrome V88 (security checks have been enforced).
I believe that you have updated these following values in the init.py file:


Can you please specify which value you have set and the exact error you have ? (you can get it from the network tab of the debugger mode (F12))

Last question: how your container is hosted?

On my side, I had to correctly configure HTTPS on the redash host and update my traefik configuration. (first parameters were not helpful in my setup)

I changed these values in __init__.py (This file was changed in the docker container directly) :

FRAME_OPTIONS_ALLOW_FROM = os.environ.get(

In the console this message is shown:

Refused to frame ‘’ because an ancestor violates the following Content Security Policy directive: “frame-ancestors *”.

I pulled the Redash image from this repository:
docker pull redash/redash

Thanks for the reply.

Redash needs to answer what the website hosting the website is expecting.
We need to to compare the request and answer headers (probably a pre-flight command)

Look at the network tab is should tell you what is expecting

I’ve changed the value in __init__.py as follows:

    "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval'; font-src 'self' data:; img-src 'self' http: https: data:; object-src 'none';"

removed frame-ancestors 'none'; frame-src redash.io; in the second parameter. Also, I’ve changed the security.py file as follow:

#embedable_csp = talisman.content_security_policy + "frame-ancestors *;"
embedable_csp = talisman.content_security_policy 

These changes cause iframe to work in chrome.

1 Like

well done;
glad that it is working now