From 7868ca134ec5219c8a5d9776812ee6594dfc4e38 Mon Sep 17 00:00:00 2001
From: Lucis
Date: Wed, 23 Aug 2023 17:35:26 -0300
Subject: [PATCH] Adding self policy to iframes
---
 utils/http.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/utils/http.ts b/utils/http.ts
index 668c19ad6..22f6c1b59 100644
--- a/utils/http.ts
+++ b/utils/http.ts
@@ -157,7 +157,7 @@ export function setCSPHeaders(
 "127.0.0.1:* localhost:* http://localhost:* http://127.0.0.1:*";
 response.headers.set(
 "Content-Security-Policy",
- `frame-ancestors 'self' ${landingPageDomain} ${localhost} ${adminDomain} ${
+ `default-src 'self'; frame-ancestors 'self' ${landingPageDomain} ${localhost} ${adminDomain} ${
 referer && isOnAdmin
 ? "https://" + referer.startsWith("http")
 ? new URL(referer).host
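Review bot: `default-src 'self'` on the added line is the fallback for every fetch directive (scripts, styles, images, fonts, connect, frames), not only for iframes as the subject suggests, so every response that passes through setCSPHeaders will now refuse inline scripts and styles and any third-party asset. If the goal is only to limit what the page may embed, `frame-src 'self'` (or `child-src 'self'`) in place of `default-src 'self'` is the narrower directive. If a full policy is intended, it is safer to trial it first under `Content-Security-Policy-Report-Only` and to add the explicit `script-src`/`style-src`/`img-src` sources the pages need. Separately, in the trailing context lines, `"https://" + referer.startsWith("http") ? …` parses as `("https://" + referer.startsWith("http")) ? …` because `+` binds tighter than `?:`, so the test is always truthy and `new URL(referer)` runs on any Referer value. The rest of that expression and of setCSPHeaders lies outside the hunk, so confirm against the full file; `"https://" + (referer.startsWith("http") ? new URL(referer).host : …)` looks like the intent.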