Display ERPNext in an iframe

I want to display the ERPNext website in an iframe embedded in an internal company site. I have my site deployed in Frappe Cloud’s private bench.
However, this does not work due to the CSRF protection enabled in nginx.

What I have tried so far:

  1. Set ignore_csrf=1 in the site config.

The site still doesn’t open in an iframe.

Also, I don’t want to disable CSRF entirely - I just want to whitelist my company’s internal website. How do I go about doing this?