I'm coding my website from online gitpod IDE, when I start my server, the gitpod container localhost:3000 is mapped to something like this: https://3000-mateusfg7-mateusfcom-44ov2ffb9ry.ws-us107.gitpod.io/.

But when I try to render the Giscus iframe, the website shows this error:

The github.com connection was refused

And on console it shows this error:

Refused to frame 'https://github.com/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'none'".

I was thinking that is something related with origins, so I added this line on my giscus.json:

{
  "origins": [
    "https://www.mateusf.com",
    "https://www.mateusf.vercel.app/",
    "https://www.mfg-b-mateusfg7.vercel.app/",
    "https://mateusf.com",
    "https://mateusf.vercel.app/",
    "https://mfg-b-mateusfg7.vercel.app/"
  ],
  "originsRegex": [
    "https://mateusf-([A-z0-9]|-)*mateusfg7\\.vercel\\.app",
+    "https://[0-9]+-mateusfg7-mateusfcom-[A-Za-z0-9]+\\.ws-[A-Za-z0-9]+\\.gitpod\\.io",
    "http://localhost:[0-9]+"
  ]
}

But the error persists. What can I do?

The problem was with the branch that I was saving the giscus.json changes to. It was not the default branch.

When I saved the new regexOrigin in the default branch of my repository, the iframe started rendering again.

Yep, only giscus.json in the default branch is used, in case you have different branches.

I added a redirect to #1298 in #1299 if the origin is disallowed, because people kept misusing this repo's discussions to test their projects. Before the redirect was introduced, you would see "giscus.app refused to connect", and some people would open the iframe's URL in a separate tab which bypasses the protection.