contents security policy

I'm trying to open Mattermost on Nextcloud (use external site app). I have been blocked there by the Contents Security Policty(CSP). I wrote the following on Nextcloud nginx. add_header Content-Security-Policy "frame-src MATTERMOST-URL"; add_header X-Frame-Options "allow-from...