Closed unixrubix closed 8 months ago
Thanks for the report!
Seems fair enough. Since this is only meant to be self-hosted, I think it's fair game to unset the x-frame-options header entirely.
I'll look into that tonight!
This is fixed in the latest release!
Awesome, thank you!
An option either in-app or during Docker config to set the CSP frame-ancestors header would allow Pinchflat to be added to a network services organizer dashboard for simplified access.
Setting the CSP frame-ancestors header should override the current X-Frame-Options header and retain click-jacking security.
I'm only familiar with this from an Nginx approach rather than Elixir, but this seemed like a possible solution.
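The header precedence discussed in this thread, as an added example that is not part of the original discussion or of Pinchflat's code: a simplified JavaScript model of a browser's framing decision, comparing X-Frame-Options alone, a `frame-ancestors` allow-list, and no header at all. The origins and function names are constructed for illustration, and only the `'none'`, `'self'` and exact-origin source forms are handled.

```javascript
// Added example: simplified model of how a browser decides whether a response
// may render inside a frame. Handles frame-ancestors sources 'none', 'self'
// and exact origins only (no wildcards or scheme-only sources).

// Return the frame-ancestors source list from a CSP header value, or null.
function frameAncestors(csp) {
  for (const directive of (csp || "").split(";")) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === "frame-ancestors") return sources;
  }
  return null;
}

// headers: lower-cased response header names mapped to their values.
// pageOrigin: origin of the framed app; ancestors: origin of every embedding frame.
function mayBeFramed(headers, pageOrigin, ancestors) {
  const sources = frameAncestors(headers["content-security-policy"]);
  if (sources !== null) {
    // frame-ancestors present: X-Frame-Options is ignored, every ancestor must match.
    const matches = (origin) => sources.some((s) =>
      (s.toLowerCase() === "'self'" && origin === pageOrigin) ||
      s.toLowerCase() === origin);
    return ancestors.every(matches);
  }
  const xfo = (headers["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") return false;
  if (xfo === "SAMEORIGIN") return ancestors.every((o) => o === pageOrigin);
  return true; // header absent or unrecognised: any site may frame the page
}

// Constructed sample values, not taken from the thread.
const APP = "http://pinchflat.home.example";
const DASHBOARD = "http://dashboard.home.example";
const OTHER = "https://unrelated.example";
const xfoOnly = { "x-frame-options": "SAMEORIGIN" };
const withCsp = { ...xfoOnly,
  "content-security-policy": `frame-ancestors 'self' ${DASHBOARD}` };

console.log("XFO only, dashboard:  ", mayBeFramed(xfoOnly, APP, [DASHBOARD]));
console.log("CSP + XFO, dashboard: ", mayBeFramed(withCsp, APP, [DASHBOARD]));
console.log("CSP + XFO, other site:", mayBeFramed(withCsp, APP, [OTHER]));
console.log("no headers, other site:", mayBeFramed({}, APP, [OTHER]));
```

With the allow-list in place the dashboard can embed the app while other origins are still refused; with both headers removed, every origin can.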