Xframe settings test

DigitalLearningSolutions.Web/Startup.cs

@@ -596,11 +596,11 @@ public void Configure(IApplicationBuilder app, IMigrationRunner migrationRunner,
                     "font-src https://script.hotjar.com https://assets.nhs.uk/; " +
                     "connect-src 'self' http: ws:; " +
                     "img-src 'self' data: https:; " +
+                    "frame-ancestors *" +
                     "frame-src 'self' https:");
                 context.Response.Headers.Add("Referrer-Policy", "no-referrer");
                 context.Response.Headers.Add("Strict-Transport-Security", "max-age=31536000; includeSubDomains");
                 context.Response.Headers.Add("X-Content-Type-Options", "nosniff");
-                context.Response.Headers.Add("X-Frame-Options", "deny");
                 context.Response.Headers.Add("X-XSS-protection", "0");
                 await next();
             });