From 466265fde15b32a8d984e8f91de6dd7ed4225b62 Mon Sep 17 00:00:00 2001
From: Johannes Zellner
Date: Wed, 14 Aug 2019 14:44:12 +0200
Subject: [PATCH] Allow iframe embedding of cloudron.io pages
---
 src/appconfig.ejs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/appconfig.ejs b/src/appconfig.ejs
index 7f0e26a19..f4f576c3e 100644
--- a/src/appconfig.ejs
+++ b/src/appconfig.ejs
@@ -96,7 +96,7 @@ server {
 <% if ( endpoint === 'admin' ) { -%>
 # CSP headers for the admin/dashboard resources
- add_header Content-Security-Policy "default-src 'none'; connect-src wss: https: 'self' *.cloudron.io; script-src https: 'self' 'unsafe-inline' 'unsafe-eval'; img-src * data:; style-src https: 'unsafe-inline'; object-src 'none'; font-src https: 'self'; frame-ancestors 'none'; base-uri 'none'; form-action 'self';";
+ add_header Content-Security-Policy "default-src 'none'; frame-src cloudron.io *.cloudron.io; connect-src wss: https: 'self' *.cloudron.io; script-src https: 'self' 'unsafe-inline' 'unsafe-eval'; img-src * data:; style-src https: 'unsafe-inline'; object-src 'none'; font-src https: 'self'; frame-ancestors 'none'; base-uri 'none'; form-action 'self';";
 <% } -%>
 proxy_http_version 1.1;
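Review bot: The new `frame-src cloudron.io *.cloudron.io` on the added `add_header` line is broader than the commit message calls for: the wildcard lets every subdomain be framed inside the admin dashboard, and the scheme-less host sources leave the scheme to be inferred from the page rather than pinned. If only specific pages are embedded, list those hosts with an explicit scheme, e.g. `frame-src https://cloudron.io https://<needed-subdomain>.cloudron.io;` (placeholder host), so that a subdomain serving content outside the dashboard's trust boundary cannot be rendered in it. A one-line comment above the directive, such as `# frame-src: the dashboard embeds cloudron.io pages; frame-ancestors 'none' still forbids framing the dashboard itself`, would also keep the two directives from being confused given the commit title. The enclosing `server {` block starts and ends outside the hunk.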