discourse:master
← discourse:stop-checking-referer-for-embed
opened 09:49PM - 15 Jul 21 UTC
Flips content_security_policy_frame_ancestors default to enabled, and
removes HT…TP_REFERER checks on embed requests, as the new referer
privacy options made the check fragile.