CSP error on Iframe ancestor violates

Hi ​@shazim96khan - in the code example you shared, it looks like the messageOrigins and frameAncestors fields are set to the demo environment (https://apps-d.docusign.com), however in the error message it appears you are using the production environment (https://apps.docusign.com). This may be the reason why you are getting the error message. I also couldn’t tell if you were including a ClientUserID, which is required to get the recipientView URL. Here’s a guide on this:

• How to request a signature using focused view
• EnvelopeViews: createRecipient

Alex

Hi ​@shazim96khan,

Thank you for sharing the code and details of the issue you’re experiencing with displaying the embedded signing view in DocuSign’s focus view. Based on your code, here are a few things you might want to check

1. Frame Ancestors:

   • Ensure the domains you’ve added to setFrameAncestors are correct and match your environment. For local testing, http://localhost:8000 is fine, but if this a production environment, you’ll need to use the production domain.

2. Return URL:

   • Verify that the return_url you’ve set in RecipientViewRequest is valid and accessible.

3. API Client Configuration:

   • Double-check that your $this->apiClient is correctly configured with the proper authentication token and base URL (e.g., the demo environment or production).

Thanks guys for your respone let me check and then get back to you

You're very welcome! ​@shazim96khan 

I’ve reviewed everything and it appears to be correct, but the embedded URL is still not rendering in the iframe. Could you check the URL and my frontend code for focused view to confirm if I’ve missed something? Note that I haven’t used any live URL. Let me know if I’m doing something wrong.
Here is my url that i am getting 

Focused View URL

Hey everyone, quick update from my side: the issue is resolved! The problem was with the URL I was using. Once I updated it with the correct url, everything started working perfectly. Thanks for all your support, everyone!

What was the problem with the URL you were using? I am having this same issue. It seems like when I switch from https://demo.docusign.net/restapi to my ‘Account Base URI’, I start getting this error. I had no problem getting the iframe to work in development, but it started failing once I promoted the app to production.

Hi ​@michaeldunn are you referring to the frameAncestors and messageOrigins URL? If so, you would use https://apps-d.docusign.com for the demo environment, and https://apps.docusign.com for production. I would try updating to the production URL if you’ve already promoted your app and see if that resolves the issue. 

See this guide (Step 4) for more information. Thanks!