diff --git a/deploy/docker/templates/docker.env.sh b/deploy/docker/templates/docker.env.sh
index 2acca52c01..6612320cd0 100644
--- a/deploy/docker/templates/docker.env.sh
+++ b/deploy/docker/templates/docker.env.sh
@@ -96,5 +96,5 @@ APPSMITH_SUPERVISOR_PASSWORD=$SUPERVISOR_PASSWORD
 # Example: "https://mydomain.com https://another-trusted-domain.com" will allow embedding on those two domains.
 # Default value, if commented or not set, is "'none'", which disables embedding completely.
 # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors
-APPSMITH_ALLOWED_FRAME_ANCESTORS="'self'"
+APPSMITH_ALLOWED_FRAME_ANCESTORS="'self' *"
 EOF
diff --git a/deploy/docker/templates/nginx/nginx-app-http.conf.template.sh b/deploy/docker/templates/nginx/nginx-app-http.conf.template.sh
index 960b077a1a..d200151c3f 100644
--- a/deploy/docker/templates/nginx/nginx-app-http.conf.template.sh
+++ b/deploy/docker/templates/nginx/nginx-app-http.conf.template.sh
@@ -28,7 +28,7 @@ server {
 index index.html index.htm;
 # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors
- add_header Content-Security-Policy "frame-ancestors ${APPSMITH_ALLOWED_FRAME_ANCESTORS-'self'}";
+ add_header Content-Security-Policy "frame-ancestors ${APPSMITH_ALLOWED_FRAME_ANCESTORS-'self' *}";
 location /.well-known/acme-challenge/ {
 root /appsmith-stacks/data/certificate/certbot;
diff --git a/deploy/docker/templates/nginx/nginx-app-https.conf.template.sh b/deploy/docker/templates/nginx/nginx-app-https.conf.template.sh
index 6391cb4f02..b31a547bff 100644
--- a/deploy/docker/templates/nginx/nginx-app-https.conf.template.sh
+++ b/deploy/docker/templates/nginx/nginx-app-https.conf.template.sh
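Review bot: The new generated default `APPSMITH_ALLOWED_FRAME_ANCESTORS="'self' *"` lets any origin frame the application, so a fresh install ships without the clickjacking protection that `frame-ancestors` is there to provide. The same wildcard becomes the unset-variable fallback in `nginx-app-http.conf.template.sh` and `nginx-app-https.conf.template.sh`. The comment directly above the assignment still says the default is `'none'`, which disables embedding completely, so the documentation and the shipped value now disagree. If open embedding is not a hard requirement, keep the restrictive default `APPSMITH_ALLOWED_FRAME_ANCESTORS="'self'"` and document `*` as an explicit opt-in. Otherwise, correct the comment to state that the default is `'self' *` and that it allows embedding from any origin.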
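Review bot: The rewritten `add_header Content-Security-Policy ...` line in `nginx-app-http.conf.template.sh` has no `always` parameter, so nginx emits the header only on success and redirect responses and error pages are served without it; the matching line in `nginx-app-https.conf.template.sh` has the same gap. Since the commit touches the line anyway, consider adding ` always` after the header value so that an operator-set restriction also covers 4xx/5xx responses. A short comment would also help, e.g. `# ${VAR-default} applies only when the variable is unset, not when it is set to an empty string`. The `server` block starts and ends outside the hunk, so whether any `location` declares its own `add_header` (which would drop this inherited one) cannot be confirmed from here.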
@@ -40,7 +40,7 @@ server {
 ssl_dhparam /appsmith-stacks/data/certificate/conf/ssl-dhparams.pem;
 # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors
- add_header Content-Security-Policy "frame-ancestors ${APPSMITH_ALLOWED_FRAME_ANCESTORS-'self'}";
+ add_header Content-Security-Policy "frame-ancestors ${APPSMITH_ALLOWED_FRAME_ANCESTORS-'self' *}";
 location = /supervisor {
 return 301 /supervisor/;