I am trying to create a vary basic .rb plugin (based on the now obsolete in chrome) discourse-allowallwhich will merge the CSP header to the default ones but cant get it to work.
The below does not seem to do it.
Rails.application.config.action_dispatch.default_headers.merge!({'Content-Security-Policy' => "frame-ancestors 'http://mylocal.com.localhost'"})
I literally have 0 experience with ruby so need to know:
- If thats possible
- The correct syntax for defining the above header and merging it with the default ones
End goal is to make my discourse site frameable by 2 specific domains