I just solved the problem (Content Security Policy: frame-src) by adding this to the owncloud virtualhost:
Header set Content-Security-Policy: "frame-ancestors http://my-owncloud.id http://my-collabora.id:9980 "
Header set Content-Security-Policy: "frame-src http://my-owncloud.id http://my-collabora.id:9980 blob:;"