This repository was archived by the owner on Jul 21, 2021. It is now read-only.
While I was browsing medium.com (e.g. https://medium.com/the-city-independent/a-surprisingly-simple-way-to-reduce-traffic-in-your-city-overnight-f3841d281228), I noticed that the sub-frames are referenced to the site itself and then include another frame from embedly.com. But uMatrix did not show a "blocked frame" data blob.
Then I noticed that the web site sets some CSP rules that block the data: scheme for frames. I tried to add that through the following functions, which modify response headers:
onMainDocHeadersReceived: https://github.com/gorhill/uMatrix/blob/master/src/js/traffic.js#L574
onSubDocHeadersReceived: https://github.com/gorhill/uMatrix/blob/master/src/js/traffic.js#L680
It seems (and should be) that Chrome permits a request only if all related CSPs allow it, so the rule modification should not simply be pushed into the headers but be done on the existing one(s) if any already exist. When I tried this, it worked. So I think that if a website already declares CSP header(s), those functions should add the "data:" scheme to the allowed sources of the frame-src directives.
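The approach described above, as an added example that is not part of the original issue or of uMatrix's code: amend each existing CSP header so that frames may load `data:` URIs, instead of appending a separate header. The function names and sample headers are hypothetical; headers are assumed to have the `chrome.webRequest` `{name, value}` shape.

```javascript
// Added illustration; not uMatrix code. Names and sample data are hypothetical.
// Rewrite one serialized policy so that frames may load data: URIs.
function allowDataFramesInPolicy(policy) {
  const directives = policy.split(';').map(d => d.trim()).filter(Boolean)
    .map(d => d.split(/\s+/));
  // The first occurrence of a directive is the one the browser honours.
  const find = name => directives.find(d => d[0].toLowerCase() === name);
  let frameSrc = find('frame-src');
  if (!frameSrc) {
    // frame-src falls back to child-src, then default-src.
    const fallback = find('child-src') || find('default-src');
    if (!fallback) return policy; // this policy does not restrict frames
    frameSrc = ['frame-src', ...fallback.slice(1)];
    directives.push(frameSrc);
  }
  // 'none' cannot be combined with other sources, so drop it.
  const sources = frameSrc.slice(1).filter(s => s.toLowerCase() !== "'none'");
  // Note: the wildcard * does not cover data:, so it must be listed explicitly.
  if (!sources.some(s => s.toLowerCase() === 'data:')) sources.push('data:');
  frameSrc.splice(1, frameSrc.length, ...sources);
  return directives.map(d => d.join(' ')).join('; ');
}

// A load must pass every policy, so each existing header is amended in place;
// an extra, looser header would not widen what the site's own policy allows.
function allowDataFrames(responseHeaders) {
  return responseHeaders.map(h => {
    if (h.name.toLowerCase() !== 'content-security-policy') return h;
    // One header value may carry several comma-separated policies.
    const value = h.value.split(',')
      .map(p => allowDataFramesInPolicy(p.trim())).join(', ');
    return { name: h.name, value };
  });
}

// Constructed sample response headers.
const SAMPLE_HEADERS = [
  { name: 'Content-Type', value: 'text/html' },
  { name: 'Content-Security-Policy',
    value: "default-src 'self'; frame-src https://frames.example" },
  { name: 'content-security-policy', value: "frame-src 'none', default-src https:" },
];
console.log(allowDataFrames(SAMPLE_HEADERS));
```

Policies that already allow `data:` for frames, or that place no restriction on frames at all, are returned unchanged.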