hotfix: allow all sites as frame ancestors

performant-software · Aug 29, 2024 · b462283 · b462283
1 parent a94c2de
commit b462283
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb
@@ -0,0 +1,5 @@
+# content security policy (CSP) settings for the application
+Rails.application.config.content_security_policy do |policy|
+  # allow all sites as frame_ancestors in order to allow iframe embeds
+  policy.frame_ancestors :self, "*"
+end