I use a custom Java application that aggregates more tools, including Phabricator and cannot find a way to disable CSP and allow integration in iframe.
Already looked into https://github.com/phacility/phabricator/blob/master/src/aphront/response/AphrontResponse.php#L169
and while it opens it takes the whole browser tab, escaping the iframe.
To be mentioned: both aggregation front application and phabricator are self-hosted (public subdomain for each).
dash.example.com - main app with 3rd party tools in iframes
usage.example.com - grafana in iframe (works)
phab.example.com - does not work even with “frame-ancestors *.example ..example.com”
Is there any workaround to allow this type of setup?
Thank you in advance.