From 44a4962e0b7e3ed87e9914b4e7792a0d52330ff8 Mon Sep 17 00:00:00 2001
From: Benjamin Bellamy <ben@podlibre.org>
Date: Mon, 1 Mar 2021 15:59:07 +0100
Subject: [PATCH] fix(embeddable-player): enable any ancestor when
 X-Frame-Options is set on server

---
 app/Controllers/Episode.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/app/Controllers/Episode.php b/app/Controllers/Episode.php
index 477a5cad97..a4a8ce2102 100644
--- a/app/Controllers/Episode.php
+++ b/app/Controllers/Episode.php
@@ -88,6 +88,8 @@ class Episode extends BaseController
 
     public function embeddablePlayer($theme = 'light-transparent')
     {
+        header('Content-Security-Policy: frame-ancestors https://* http://*');
+
         self::triggerWebpageHit($this->episode->podcast_id);
 
         $session = \Config\Services::session();
-- 
GitLab