fix: frame src enabled

NFDI4Chem · Jan 4, 2024 · bc7d7ef · bc7d7ef
1 parent 0cf285b
commit bc7d7ef
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/app/Http/Middleware/XFrameOptions.php b/app/Http/Middleware/XFrameOptions.php
@@ -18,7 +18,7 @@ public function handle(Request $request, Closure $next): Response
         $response = $next($request);
 
         if ($request->route()->getName() == 'embed') {
-            return $response->header('Content-Security-Policy', "default-src 'self'; base-uri 'self'; block-all-mixed-content; frame-src data: blob: *; img-src 'self'; style-src 'unsafe-inline' *;");
+            return $response->header('Content-Security-Policy', 'frame-src data: blob: *');
         } else {
             $xframeOptions = 'SAMEORIGIN';