I’m building a custom Microsoft Teams app to integrate Freshservice, but I’m facing challenges due to X-Frame-Options and Content-Security-Policy restrictions on the Freshservice domain. These headers prevent the content from being embedded in an iframe, which is required for Teams tabs.
I’m curious to know how others have approached similar issues. Is there a best practice for integrating external services with restrictive headers into Teams? What are the trade-offs or risks involved in each approach?