CSP Policy for https://widget.reviews.io/

[norgeindian]

Since Magento 2.4.7, the Magento_Csp module is active by default and this way, we're facing the following issue on all pages:

Refused to frame 'https://widget.reviews.io/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors ....

I tried to add the following to a custom csp_whitelist.xml, but that did not help:

        <policy id="frame-ancestor">
            <values>
                <value id="reviewsio" type="host">https://widget.reviews.io</value>
            </values>
        </policy>

Any other ideas how this could be fixed?