3.6.6.4
🎉 Features
The Content-Security-Policy: frame-ancestors
header sent by the Panel (introduced in 3.6.6.3) can now be customized with an option if needed:
return [
'panel' => [
// allow frame embedding from the same domain
'frameAncestors' => true,
// allow frame embedding from the same *and* from the specified domains
'frameAncestors' => ['*.example.com', 'https://example.com'],
// allow frame embedding on any domain (not recommended)
'frameAncestors' => '*',
]
];