Content Security Policy (CSP) issue – frame-src 'self’

If the accessibility widget does not load on your website and the browser console reports a Content Security Policy (CSP) error, the most common cause is a restrictive frame-src directive.

How to identify the issue?

In the browser developer console, you may see an error indicating that frames are only allowed from the same origin (frame-src 'self').

How to fix it?

To allow the accessibility widget to function correctly, update your CSP configuration to include the following domain: wcag.dock.codes

Example CSP configuration: default-src 'self' wcag.dock.codes;<br /> frame-src 'self' wcag.dock.codes;

After applying the changes and refreshing the page, the widget should load correctly. This adjustment maintains a high security level, as it allows content only from a trusted domain responsible for accessibility features.