How to securely use Jupyter-lab (as a Docker instance) in iframe?

Hello team,

Is there any way to use jupyter-lab in an iframe without compromising the Content Security Policies?
I have seen solutions with the following CSP:

'Content-Security-Policy': "frame-ancestors 'self' ;",

But I think this makes the web application vulnerable to XSS and other vulnerabilities.

Suggest a more secure way to configure the jupyterlab-server-config file.
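
For reference, an added example (not part of the original post and not Jupyter's own code): `frame-ancestors` governs which origins may embed the page, so a config file can build it from an explicit allowlist instead of a wildcard. It assumes a Jupyter Server based JupyterLab (`c.ServerApp`); `https://portal.example.com`, `EMBEDDING_ORIGINS`, `frame_ancestors_csp` and `configure` are hypothetical names.

```python
# jupyter_server_config.py (added example; the origin below is a placeholder)
from urllib.parse import urlsplit

# Assumption: the only external site allowed to embed JupyterLab in an iframe.
EMBEDDING_ORIGINS = ["https://portal.example.com"]


def frame_ancestors_csp(origins):
    """Build a CSP value that lets only the listed HTTPS origins frame the page."""
    sources = ["'self'"]
    for origin in origins:
        parts = urlsplit(origin)
        # Reject wildcards, plain http, and anything that is not a bare origin.
        if parts.scheme != "https" or not parts.hostname or "*" in origin:
            raise ValueError(f"not an exact https origin: {origin!r}")
        if parts.path not in ("", "/") or parts.query or parts.fragment or parts.username:
            raise ValueError(f"origin must not carry path or credentials: {origin!r}")
        port = f":{parts.port}" if parts.port else ""
        sources.append(f"https://{parts.hostname}{port}")
    return "frame-ancestors " + " ".join(sources) + ";"


def configure(c):
    """Set the response header through Jupyter Server's tornado_settings."""
    c.ServerApp.tornado_settings = {
        "headers": {"Content-Security-Policy": frame_ancestors_csp(EMBEDDING_ORIGINS)}
    }


# Jupyter injects get_config() when it loads this file; it is absent elsewhere.
if "get_config" in globals():
    configure(get_config())
```

In a Docker image the file would be copied into the Jupyter config directory so the server loads it at start-up.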