Lets talk about “The Content-Security-Policy directive ‘frame-ancestors’ does not support the source expression ”unsafe-inline” for allowed site”.
This is known issue in 2.4.3 release Magento doc. https://devdocs.magento.com/guides/v2.4/release-notes/open-source-2-4-3.html#known-issues.
So, for being time, we can fix this issue temporarily.
The solution is to creating own custom module to extending the Magento_Csp module.
Step 1: Declaration of Module
It is necessary to create etc folder and add the module.xml file in it
app/code/Thecoachsmb/CustomCSP/etc/module.xml
Contents would be:
<?xml version="1.0"?>
<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:framework:Module/etc/module.xsd">
<module name="Thecoachsmb_CustomCSP" >
<sequence>
<module name="Magento_Csp"/>
</sequence>
</module>
</config>Step 2: Registration of Module
To register the module, create a registration.php file in the app/code/Thecoachsmb/CustomCSP/registration.php
Contents would be:
<?php
\Magento\Framework\Component\ComponentRegistrar::register(
\Magento\Framework\Component\ComponentRegistrar::MODULE,
'Thecoachsmb_CustomCSP',
__DIR__
);
Step 3: Configuration of Module
In the app/code/Thecoachsmb/CustomCSP/etc/config.xml file we want to modify the frame-ancestor policy and set it to 0.
<?xml version="1.0"?>
<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Store:etc/config.xsd">
<default>
<csp>
<policies>
<storefront>
<frame-ancestors>
<inline>0</inline>
</frame-ancestors>
</storefront>
<admin>
<frame-ancestors>
<inline>0</inline>
</frame-ancestors>
</admin>
</policies>
</csp>
</default>
</config>Then run:
php bin/magento s:up && php bin/magento se:s:d -f && php bin/magento c:fThat’s it.
We would love to hear from you. Do comment below giving your feedback.