add frame-ancestors rule to csp

blockscout · May 16, 2024 · 163ee43 · 163ee43
1 parent 0b60ada
commit 163ee43
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/nextjs/csp/policies/app.ts b/nextjs/csp/policies/app.ts
@@ -133,6 +133,10 @@ export function app(): CspDev.DirectiveDescriptor {
       '*',
     ],
 
+    'frame-ancestors': [
+      KEY_WORDS.SELF,
+    ],
+
     ...((() => {
       if (!config.features.sentry.isEnabled) {
         return {};