Article - CS346514
Access to ThingWorx Mashup embedded in iFrame fails with error "Refused to frame 'https://<URL>' because an ancestor violates the following Content Security Policy directive: 'frame-ancestors 'self"
Modified: 13-Jan-2026
Applies To
- Windchill Navigate (formerly ThingWorx Navigate) 8.5.0 to 9.6
- ThingWorx Platform 9.0 to 10.0
- Vuforia Studio 9.0.0 to 9.11.0
- Windchill PDMLink 12.0 to 13.0
Description
- Getting error when attempting to load a Mashup that is embedded in an iFrame
- Getting error when accessing the ThingWorx Mashup embedded in Web Frame widget of Vuforia Studio
- Receiving error when accessing ThingWorx Mashup embedded in iFrame:
Refused to frame 'https://<URL>' because an ancestor violates the following Content Security Policy directive: 'frame-ancestors 'self
-
Integration between Windchill and ThingWorx blocked by CSP header configuration
- Attempting to open Digital Product Traceability (DPT) in Windchill and the ThingWorx Mashup will not display
- Cannot use DPT related Mashup in Windchill PDMLink
- Errors shown in the Mashup page of Windchill PDMLink tab:
https://<URL> refused to connect <ipAddress> refused to connect
This is a printer-friendly version of Article 346514 and may be out of date. For the latest version click CS346514