Refused to frame 'https://nextcloud.domain.org/nextcloud/' because it violates the following Content Security Policy directive: "frame-src https://office.domain.org:9980".

[Ludovicis]

Describe the bug
No visual for IFRAME widget in Dashboard App

To Reproduce
Steps to reproduce the behavior:

1. Go to 'Dasboard app'
2. Click on 'Add a Widget'
3. Click on 'IFRAME 7'
4. No visual for the IFRAME 7

Expected behavior
Visual for the IFRAME7

Desktop (please complete the following information):

• OS: Windows 10 X64
• Browser hrome
• Version Version 77.0.3865.120 (Build officiel) (64 bits)

DevTools Chrome Network log:
Refused to frame 'https://nextcloud.domain.org/nextcloud/' because it violates the following Content Security Policy directive: "frame-src https://office.domain.org:9980".

I have Collabora Online app activated

[MarkPartlett]

Sorry... I am still trying to work out how to modify the CORs hearder within the /dashboardcharts/ app. The work around is modifying the \nextcloud\lib\public\AppFramework\HttpContentSecurityPolicy.php file directly.