I think this topic is related (but focuses on NUL):
Make Content-Security-Policy frame-ancestors directive configurable for New Universal Login - Auth0 Community
I think this topic is related (but focuses on NUL):
Make Content-Security-Policy frame-ancestors directive configurable for New Universal Login - Auth0 Community