Skip to content

Commit

Permalink
Merge pull request #53 from AOT-Technologies/bugfix/single-domain-emb…
Browse files Browse the repository at this point in the history
…ed-issue

[Bugfix] Added empty vlue to frameoptions in redash and frame-ancestors
  • Loading branch information
arun-s-aot authored Dec 19, 2024
2 parents 6e5e70a + 0909e63 commit 14b5001
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions redash/settings/__init__.py
Original file line number Diff line number Diff line change
Expand Up @@ -97,7 +97,7 @@
# on the specific deployment.
# See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
# for more information.
FRAME_OPTIONS = os.environ.get("REDASH_FRAME_OPTIONS", "deny")
FRAME_OPTIONS = os.environ.get("REDASH_FRAME_OPTIONS", "")
FRAME_OPTIONS_ALLOW_FROM = os.environ.get("REDASH_FRAME_OPTIONS_ALLOW_FROM", "")

# Whether and how to send Strict-Transport-Security response headers.
Expand All @@ -117,7 +117,7 @@
# for more information. E.g.:
CONTENT_SECURITY_POLICY = os.environ.get(
"REDASH_CONTENT_SECURITY_POLICY",
"default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval'; font-src 'self' data:; img-src 'self' http: https: data: blob:; object-src 'none'; frame-src redash.io *.aot-technologies.com;",
"default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval'; font-src 'self' data:; img-src 'self' http: https: data: blob:; object-src 'none';frame-ancestors 'self' *.aot-technologies.com; frame-src redash.io *.aot-technologies.com;",
)
CONTENT_SECURITY_POLICY_REPORT_URI = os.environ.get("REDASH_CONTENT_SECURITY_POLICY_REPORT_URI", "")
CONTENT_SECURITY_POLICY_REPORT_ONLY = parse_boolean(
Expand Down

0 comments on commit 14b5001

Please sign in to comment.