Hi everyone, We've encountered a new error related to CSP directives. This issue occurred previously, and you can find the archived discussion and solution here https://gooddataconnect.slack.com/archives/C04S1MSLEAW/p1709833823180349?thread_ts=1709813546.829799&cid=C04S1MSLEAW the previous fix involved deleting the CSP directive using the API. Currently, the iframe loads correctly, but attempting to explore a visualization right after the dashboard loads causes everything to break. Here's a video demonstrating the error. What steps can we take to resolve this issue? Thanks!

Hi Alexandre, Can you please confirm that these exact steps were working before and if so, when has the issue started?

thx @Julius Kos I can't confirm this was the case before. (explore right after the page opens) However I can confirm that this is a bug and should not happen. I can confirm that exploring visualisations and drill down were working correctly. I do not have trace id, the only thing I found in the console was logs about the session expired and an other one for csp errors

Listening for postMessage with API token...
1561.6dfdd8e100a49e53e782.js:2 Using JWT for authentication
1561.6dfdd8e100a49e53e782.js:2 window-tracker: Visibilitychange and intersection observers registered
1561.6dfdd8e100a49e53e782.js:2 Tiger telemetry is turned ON. {host: '<https://matomo.anywhere.gooddata.com/matomo.php>', siteId: 3}
1561.6dfdd8e100a49e53e782.js:2 setupTracer {deploymentId: 'deploymentId', organizationHash: 'aeb359d0d11ec319923d79ef346a67d3e437990c', userHash: '4ee9c32e12aec572f60827403c08c239741d7c04', host: '<https://collector.iad1.prodgdc.com>', sessionId: 'a215021c-f5e1-4113-9a42-6a0a9d93292c'}

Error: No session or session expired
    at VM168 gd.84cc71e901bd3b2d5707.js:2:5820832
    at r (VM168 gd.84cc71e901bd3b2d5707.js:2:5820962)
    at u.loadProfile (VM168 gd.84cc71e901bd3b2d5707.js:2:5640582)
    at async u.obtainCurrentPrincipal (VM168 gd.84cc71e901bd3b2d5707.js:2:5640406)
    at async u.authenticate (VM168 gd.84cc71e901bd3b2d5707.js:2:5642290)
    at async authApiCall (VM168 gd.84cc71e901bd3b2d5707.js:2:5819108)
    at async VM168 gd.84cc71e901bd3b2d5707.js:2:7212251

And the last error about csp directives

Refused to frame '<https://auth.cloud.gooddata.com/>' because it violates the following Content Security Policy directive: "frame-src 'self' *.hsforms.com *.appcues.com *.intercom.io *.intercomcdn.com *.okta.com *.auth0.com *.cloud-iam.com accounts.google.com d3ij350uzls03h.cloudfront.net".

Could you please also check how your CSP has been defined? Please note that it is mandatory to include 'self' at the beginning of your directives, i.e.:

'self' <http://localhost:3000>

Our CSP has been removed using the API because of an old issue I've mentioned in the thread here https://gooddataconnect.slack.com/archives/C04S1MSLEAW/p1709833823180349?thread_ts=1709813546.829799&cid=C04S1MSLEAW I am ok to put them back, but it was not working the first time we did it. And we had to delete them to fix the issue.

Thank you for pointing me to the previous conversation; according to it, it was stated that "we recommend you to leave the CSP frame-ancestors set". Based on this, could you try adding the CSP directives back and make sure to include the 'self' string at the beginning? Let me know if it helps.

Thank you I will try that and let you know