Nginx – Refused to frame ” because it violates the following Content Security Policy directive

We use the Confluence Companion tool to edit files from Confluence locally ( https://confluence.atlassian.com/doc/edit-files-170494553.html ) but since the last update of that tool, it is no longer working. I found out that it is because of the CSP directive that we've set in NGINX, but no matter the changes i make; nothing works.

Original CSP directive:

add_header Content-Security-Policy "default-src https: wss: blob: goedit: 'unsafe-inline' 'unsafe-eval'; connect-src https://*.atlassian.com 'self' ws:; img-src blob: https: data: 'unsafe-inline' *; font-src https: data:" always;

Result:
Refused to frame '' because it violates the following Content Security Policy directive: "default-src https: wss: blob: goedit:". Note that 'frame-src' was not explicitly set, so 'default-src' is used as a fallback.

So i figured, let's add frame-src;

add_header Content-Security-Policy "default-src https: wss: blob: goedit: 'unsafe-inline' 'unsafe-eval'; connect-src https://*.atlassian.com 'self' ws:; frame-src 'self'; img-src blob: https: data: 'unsafe-inline' *; font-src https: data:" always;

But now it reports;

Refused to frame '' because it violates the following Content Security Policy directive: "frame-src 'self'".

Kinda lost here, in the first place why it loads …. nothing? Just '', i'd expect a website there or something, but no matter the changes i make to frame-src, it keeps complaining.

What i tried:

frame-src 'self';
frame-src '*';
frame-src '';
frame-src 'self' data:;
frame-src '*.mydomain.com';
frame-src 'none';

Even tried to allow all frames via X-FRAME-OPTIONS as well as adding frame-ancestors and combining all of the above in various ways, but the result is the same.

Help is very much appriciated.

Thanks!