We’d like to use Glitch to make some sample code about how to use an app that can be embedded as an iframe in another app. This app uses https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors to select which domains are allowed to integrate it as an iframe. I’ve added https://.glitch.me and https://.glitch.com as allowed domains. The iframe shows up correctly when opening my project url https://coal-donkey.glitch.me. However when using the “show” mode in the editor it cannot be displayed saying it violates the policy, just like it is not served from any of these domains.
Do you know how to fix this ? Thanks.