What are the default CORS & CSP settings? I always get this error:

Refused to frame '<https://zen-gooddata-dev.auth.us-west-2.amazoncognito.com/>' because it violates the following Content Security Policy directive: "frame-src 'self' *.<http://hsforms.com|hsforms.com> *.<http://appcues.com|appcues.com> *.<http://intercom.io|intercom.io> *.<http://intercomcdn.com|intercomcdn.com> *.<http://okta.com|okta.com> *.<http://auth0.com|auth0.com> *.<http://cloud-iam.com|cloud-iam.com> <http://accounts.google.com|accounts.google.com> <http://d3ij350uzls03h.cloudfront.net|d3ij350uzls03h.cloudfront.net>".

Please check the bellow manual which I hope will help here: https://www.gooddata.com/docs/cloud/manage-organization/set-up-csp-for-organization/#set-csp-directives