Framing 'https://accounts.google.com/' violates the following report-only Content Security Policy directive: "frame-ancestors 'self'". The violation has been logged, but no further action has been taken.

It sounds like your site attempted to load Google’s sign-in page inside an iframe or similar frame, but Google’s Content Security Policy (CSP) explicitly forbids that using the directive frame-ancestors 'self'. In other words, accounts.google.com only allows being framed by itself, not by other sites. Because your CSP is in report-only mode, the browser logged the violation but didn’t block the action—it just reported it. If you need to integrate Google sign-in, you’ll want to follow Google’s recommended sign-in methods (e.g., OAuth flows using popups or redirects) rather than framing accounts.google.com.