From 0bb0d2591fd6369cd8a8b1ea17bf94ec3958284e Mon Sep 17 00:00:00 2001
From: Dan Percic <dan.percic.ext@knecon.com>
Date: Mon, 15 Jan 2024 20:10:57 +0200
Subject: [PATCH] RED-8128 add frame ancestors CSP

---
 docker/common/nginx/nginx.conf | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/docker/common/nginx/nginx.conf b/docker/common/nginx/nginx.conf
index 73661a583..5b654cf8e 100644
--- a/docker/common/nginx/nginx.conf
+++ b/docker/common/nginx/nginx.conf
@@ -6,7 +6,7 @@ server {
   root /usr/share/nginx/html;
   # SSL stuff for cloudflare proxy-ing - ignores SSL certificate and uses SNI
 
-  add_header Content-Security-Policy "default-src 'self'; script-src 'self' blob: data: 'unsafe-eval' 'unsafe-inline'; script-src-elem 'self' data: blob: 'unsafe-inline'; script-src-attr 'self' data:; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:";
+  add_header Content-Security-Policy "frame-ancestors 'self'; default-src 'self'; script-src 'self' blob: data: 'unsafe-eval' 'unsafe-inline'; script-src-elem 'self' data: blob: 'unsafe-inline'; script-src-attr 'self' data:; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:";
 
   proxy_ssl_verify off;
   proxy_read_timeout 1m;
@@ -32,4 +32,3 @@ server {
   gzip_types application/javascript text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
 
 }
-