Content Security Policy for iFrame embedding

2024-09-20 04:25:57 -04:00
parent 3895537f4f
commit 76d464e9dd
2 changed files with 32 additions and 1 deletions
--- a/config/initializers/content_security_policy.rb
+++ b/config/initializers/content_security_policy.rb
@@ -71,7 +71,7 @@ Rails.application.configure do
    # The `child_src` directive is only a fallback for browsers not supporting `worker_src`.
    policy.child_src            :self, :blob
    policy.form_action          :self
-    policy.frame_ancestors      :none
+    policy.frame_ancestors      :self, 'https://*.htwk-leipzig.de'
    policy.frame_src            :none
    policy.manifest_src         :none