When trying to add Salesforce UI Elements into Lightning Page or Flow - I am seeing this error when opening page or running the flow
Refused to frame 'https://mydomain--mysandbox-box.sandbox.vf.force.com/' because an ancestor violates the following Content Security Policy directives: "frame-ancestor 'self'"
Additional Info: https://developer.box.com/guides/tooling/salesforce-toolkit/ui-elements/
Hello 
,
Let me look into this further. I’m not sure off the top of my head.
Thanks,
Alex, Box Developer Advocate 
This may work and a few other settings within session settings. I’d recommend trying in a sandbox first.
Yes turning off clickjack protection works, however I prefer not to turn this off.
Support are suggesting adding Trusted Domain in Sessions Settings and also Trust Domains (CSP)
I’ve added this and still see the error
The domain the managed package is trying to reach is this:
https://mydomain--mysandbox--box.sandbox.vf.force.com/
Worth noting, my org domain is this
https://mydomain--mysandbox.sandbox.vf.force.com
The Box target includes “–box” in the domain
Worked but would prefer not to turn off, see other response - thanks
Following the workaround here Help And Training Community and possibly following Help And Training Community
Should fix the issue without disabling clickjack.