I am having a difficult time getting anchor tags in HTML rendered by Jupyter to link to other HTML files in a users directory. I am using nginx as my reverse proxy to serve JupyterHub. I’m getting this error when clicking on a link:
Refused to display ‘https://corgiplex.com/user/customer_stylewhere/files/overview.html’ in a frame because an ancestor violates the following Content Security Policy directive: “frame-ancestors ‘self’ https://corgiplex.com”.
Given I see corgiplex host and one of the options in the frame-anscestors policy I’m reaaaally confused why that doesn’t work. Is that not how the CSP works?
I have a stackoverflow question here which will provide more information if needed.
I have tried adding the following configuration:
jupyterhub_config.py
c.JupyterHub.tornado_settings = { 'headers': { 'Content-Security-Policy': "frame-ancestors 'self' https://corgiplex.com"} }
jupyter_notebook_config.py (for the user → $USER/.jupyter/jupyter_notebook_config.py)
c.NotebookApp.tornado_settings = {
'headers': {
'Content-Security-Policy': "frame-ancestors 'self' https://corgiplex.com"
}
}
I’m pretty confused because it looks like the changes I made should be working based on the error message. Prior to adding the additional configuration the message read Content Security Policy directive: “frame-ancestors ‘self’” so it seems like progress. Likely I’m not understanding the spec 
… any help is appreciated!