I have generated Web Mash Up for one of my application and created a HTML file using this code. But when I have tried to execute the HTML file, Pega Lab refused to connect. I have also enabled samesite cookie attribute. When inspecting, in the console panel it is showing "Refused to frame because an ancestor violates the following Content Security Policy directive: “frame-ancestors ". Note that '’ matches only URLs with network schemes (‘http’, ‘https’, ‘ws’, ‘wss’), or URLs whose scheme matches self’s scheme. The scheme ‘https:’ must be added explicitly.”
@ShubhrajitS
Looks like you might be running into a third-party cookie issue with your mashup, please check this Support Doc for possible solutions
@ShubhrajitS
can you share the resolution?
@SunilS17 We are also facing same issue. Please let me know here if you find a solution
@MarijeSchillern Thanks for your reply. Issue i am facing is not related to the Lab environment. I have configured my CSP to report only which you can see in the attached. But its faiilng to load because of the X-frame-options header which is set to same origin. I am facing this issue when i access pega from load balancer url but if i access directly pega nodes i dont see this issue.
If you are using a pegalabs environment then note that issues in pegalabs environment are not actively supported.
Please refer the below url:
You can reach out to your account executive for Pega Consulting help. Charges may be involved.
If the issue is not related to Labs then it might be related to the Content Security Policy (CSP) of your application. The error message suggests that the CSP directive “frame-ancestors ‘’” is being violated. This directive restricts which sources can embed the current page as a frame, iframe, object, embed, or applet. The ‘’ wildcard only matches URLs with network schemes (‘http’, ‘https’, ‘ws’, ‘wss’), or URLs whose scheme matches self’s scheme.
If your Lab URL is using ‘https:’, it must be added explicitly to the CSP directive. Please review and adjust your CSP settings accordingly.
Please go through the support documents below:
Troubleshooting Pega mashup issues caused by browsers blocking third-party cookies.
Supported Content Security Policy (CSP) for Traditional UI and Constellation UI
If you still need help and if you are not using a Lab, then please log a support incident via the MSP.
@ManjunathaM0626 this is a closed/resolved question thread for a user who was using Labs. Yours is a different issue.
The error could be caused by the load balancer not correctly forwarding the scheme (http or https) to Pega. When accessing directly from Pega nodes, the scheme is known and matches, hence no error. But when accessing through the load balancer, if the scheme is not forwarded correctly, it could cause this error. Another possible cause could be the configuration of the load balancer itself. If the load balancer is configured to use a different scheme (http or https) than the one used by Pega, it could cause this error.
As already suggested:
—> Please log a support incident via the MSP and let us know the INC id so that we can help track it.