
Chrome Extension, Because It Violates The Following Content Security Policy Directive But Only After Refreshing Window

I made a Chrome extension that loads an iframe on the Gmail URL. So far so good! When I install the extension it loads the iframe with no problems, but here comes the problem. If

Solution 1:

Refused to frame 'https://...........com/' because it violates the following Content Security Policy directive: "frame-src 'self' ... Google's domains here ...

It's not your CSP; some of Google's iframes publish their own. That is because Google commonly does not allow its own content to be embedded into third-party pages. The most interesting part: 'https://...........com/' is hidden (is this your domain or not?).

Is Chrome seeing errors after the page refresh and why?

Google's services are based on a lot of their own iframes, which interact with each other based on cookies. For example, you can embed https://gmail.com into an iframe, but if you are logged into an account (have auth cookies), Gmail automatically redirects you to the https://mail.google.com/mail/u/0/ page, which does not allow iframing (because of X-Frame-Options deny).

The behavior of Google's iframes can be very complicated, so an exact answer to "Why" is not possible without detailed research.

Anyway, embedding Google services (not officially intended for embedding) into an iframe is not a good idea. Google does not allow that because of security.
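To see which side is refusing the frame, the two checks described in the answer can be reproduced offline. This is an added example, not code from the original answer or from Google: it tests a frame URL against the embedding page's `frame-src` (with fallback to `child-src` and `default-src`) and against the framed response's `X-Frame-Options`. The function names, the sample policy and `extension-frame.example` are assumptions made for illustration.

```javascript
// Added example. Simplified matcher: ports and paths in source expressions,
// nonces and hashes are not handled; scheme-less hosts match any scheme.
function parseCsp(header) {
  const policy = Object.create(null);
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    if (key && !(key in policy)) policy[key] = sources; // first occurrence wins
  }
  return policy;
}

function sourceMatches(expr, url, selfOrigin) {
  const e = expr.toLowerCase();
  if (e === "'self'") return url.origin === selfOrigin;
  if (e === '*') return url.protocol === 'http:' || url.protocol === 'https:';
  if (/^[a-z][a-z0-9+.-]*:$/.test(e)) return url.protocol === e; // e.g. "https:"
  const m = e.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([a-z0-9.-]+)\/?$/);
  if (!m) return false; // 'none' and unsupported forms never match
  const [, scheme, wildcard, host] = m;
  if (scheme && url.protocol !== scheme + ':') return false;
  return wildcard ? url.hostname.endsWith('.' + host) : url.hostname === host;
}

// May the page at pageUrl, served with cspHeader, load frameUrl in an iframe?
// Directive fallback order: frame-src, then child-src, then default-src.
function frameAllowed(cspHeader, pageUrl, frameUrl) {
  const policy = parseCsp(cspHeader);
  const directive = ['frame-src', 'child-src', 'default-src'].find((d) => d in policy) || null;
  if (!directive) return { allowed: true, directive };
  const url = new URL(frameUrl);
  const selfOrigin = new URL(pageUrl).origin;
  return { allowed: policy[directive].some((s) => sourceMatches(s, url, selfOrigin)), directive };
}

// The framed response can refuse as well: DENY blocks every embedder,
// SAMEORIGIN blocks a cross-origin one (only the direct embedder is checked here).
function xfoAllows(xfoValue, embedderUrl, frameUrl) {
  const v = (xfoValue || '').trim().toUpperCase();
  if (v === 'DENY') return false;
  if (v === 'SAMEORIGIN') return new URL(embedderUrl).origin === new URL(frameUrl).origin;
  return true;
}

// Constructed sample policy and placeholder URLs (not Gmail's real header).
const SAMPLE_CSP = "frame-src 'self' https://accounts.google.com https://*.google.com; script-src 'self'";
const GMAIL_PAGE = 'https://mail.google.com/mail/u/0/';
console.log(frameAllowed(SAMPLE_CSP, GMAIL_PAGE, 'https://extension-frame.example/'));
console.log(xfoAllows('DENY', 'https://extension-frame.example/', GMAIL_PAGE));
```

To use it on a real case, copy the `Content-Security-Policy` value from the embedding page's response headers in DevTools in place of `SAMPLE_CSP`.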
