The company needs to utilize Channels so that users can access another application from within Clarity

Error 1:

• Refused to frame error when you click Preview for a given channel URL because it violates the following Content Security Policy directive: "frame-src app.pendo.io cdn.pendo.iodocops.ca.com 'self' data:".

Error 2:

•  Mixed Content: You might see the following error if you configure a link with HTTP inside a domain that requires a secure HTTPS connection:
• Mixed Content: The page at 'https://MY-PPM-SERVER.ondemand.ca.com/pm/#/admin/blueprints/blueprint/edit/5000043' was loaded over HTTPS, but requested an insecure resource 'http://OTHER-SITE.domain.org'.
• This request has been blocked; the content must be served over HTTPS.

Your browser might show an alert asking you to confirm before loading unsafe scripts. In Chrome, a security shield icon and prompt appear asking you to confirm that you want to open an insecure channel.

Release : Any

Workaround 1 (for Error 1)

• To resolve this condition, refresh your browser. Refreshing forces Clarity to white list the domain in compliance with the Content Security Policy directive.
• The new blueprint channel feature has a built-in ability to white list a domain after you define it in the channel.
• Refresh your browser to white list a domain before you can preview it.
• White listing allows Clarity to display external applications in the PPM framework, provided the other application does not have CORS restrictions built-in since Clarity cannot overwrite an external security policy.

 
Workaround 2 (for Error 2)

•  To resolve this condition, edit the channel in the blueprint to use HTTPS and then publish the blueprint, or, if you know the HTTP content is safe, preview the HTTP content in another browser. 

On-premise administrators can also white list a domain using admin system options. See CSA: Service and Admin Command-Line Utilities

Broadcom Documentation