From bc7d7ef7d16fc25af04e045948e58946e7f382da Mon Sep 17 00:00:00 2001
From: Venkata Chandra Sekhar Nainala
Date: Thu, 4 Jan 2024 14:22:34 +0000
Subject: [PATCH] fix: frame src enabled
---
 app/Http/Middleware/XFrameOptions.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/Http/Middleware/XFrameOptions.php b/app/Http/Middleware/XFrameOptions.php
index 9323e30b..a60f2561 100644
--- a/app/Http/Middleware/XFrameOptions.php
+++ b/app/Http/Middleware/XFrameOptions.php
@@ -18,7 +18,7 @@ public function handle(Request $request, Closure $next): Response
 $response = $next($request);
 if ($request->route()->getName() == 'embed') {
- return $response->header('Content-Security-Policy', "default-src 'self'; base-uri 'self'; block-all-mixed-content; frame-src data: blob: *; img-src 'self'; style-src 'unsafe-inline' *;");
+ return $response->header('Content-Security-Policy', 'frame-src data: blob: *');
 } else {
 $xframeOptions = 'SAMEORIGIN';
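Review bot: The new embed policy `frame-src data: blob: *` drops every other directive of the old value, so on the `embed` route CSP no longer restricts scripts, objects, images or `<base>` at all. `frame-src` only governs what this page may load in its own frames; who may frame the embed page is governed by `frame-ancestors`, which neither the old nor the new value sets, and this branch returns before the `SAMEORIGIN` value of the else branch is used. If the old `default-src 'self'` was blocking a resource the embed view needs (not visible in this hunk), I would allow that source specifically and keep the rest, for example `"base-uri 'self'; object-src 'none'; frame-ancestors <ALLOWED_EMBEDDER_ORIGINS>; frame-src data: blob: *"`, with a short comment saying why the embed route is exempt from same-origin framing. handle() starts and ends outside the hunk.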