It means that the http server at cw.na1.hgncloud.comsend some http headers to tell web browsers like Chrome to allow iframe loading of that page (https://cw.na1.hgncloud.com/crossmatch/) only from a page hosted on the same domain (cw.na1.hgncloud.com) :

这意味着 http 服务器会cw.na1.hgncloud.com发送一些 http 标头以告诉 Chrome 等网络浏览器仅允许从同一域上托管的页面（https://cw.na1.hgncloud.com/crossmatch/）加载该页面（https://cw.na1.hgncloud.com/crossmatch/）的iframe cw.na1.hgncloud.com）：

Content-Security-Policy: frame-ancestors 'self' https://cw.na1.hgncloud.com
X-Frame-Options: ALLOW-FROM https://cw.na1.hgncloud.com

You should read that :

你应该读到：

• https://developer.mozilla.org/en-US/docs/Web/Security/CSP
• https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy

• https://developer.mozilla.org/en-US/docs/Web/Security/CSP
• https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy

The reason for the error is that the host server for https://cw.na1.hgncloud.comhas provided some HTTP headers to protect the document. One of which is that the frame ancestors must be from the same domain as the original content. It seems you are attempting to put the iframe at a domain location that is not the same as the content of the iframe - thus violating the Content Security Policy that the host has set.

报错的原因是https://cw.na1.hgncloud.com的主机服务器提供了一些HTTP头来保护文档。其中之一是框架祖先必须来自与原始内容相同的域。您似乎试图将 iframe 放在与 iframe 内容不同的域位置 - 从而违反了主机设置的内容安全策略。

Check out this link on Content Security Policyfor more details.

有关更多详细信息，请查看内容安全策略上的此链接。

For any of you calling back to the same server for your IFRAME, pass this simple header inside the IFRAME page:

对于为 IFRAME 回调到同一服务器的任何人，请在 IFRAME 页面内传递这个简单的标头：

Content-Security-Policy: frame-ancestors 'self'

Content-Security-Policy: frame-ancestors 'self'

Or, add this to your web server's CSP configuration.

或者，将其添加到您的 Web 服务器的 CSP 配置中。