Skip to content

3.5.8.4

Compare
Choose a tag to compare
@afbora afbora released this 10 Aug 19:24
6393c86

🎉 Features

The Content-Security-Policy: frame-ancestors header sent by the Panel (introduced in 3.5.8.3) can now be customized with an option if needed:

return [
  'panel' => [
    // allow frame embedding from the same domain
    'frameAncestors' => true,

    // allow frame embedding from the same *and* from the specified domains
    'frameAncestors' => ['*.example.com', 'https://example.com'],

    // allow frame embedding on any domain (not recommended)
    'frameAncestors' => '*',
  ]
];