From 4efa4f2c94108f087d7c2d57100a107fc78cec7d Mon Sep 17 00:00:00 2001
From: Rob Colbert <rob@gab.com>
Date: Thu, 21 Nov 2019 07:16:37 -0500
Subject: [PATCH] also allow openplatform.us to embed

---
 config/initializers/content_security_policy.rb | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb
index c8ade810..5f3f83b5 100644
--- a/config/initializers/content_security_policy.rb
+++ b/config/initializers/content_security_policy.rb
@@ -5,12 +5,11 @@
 base_host     = Rails.configuration.x.web_domain
 assets_host   = Rails.configuration.action_controller.asset_host
 assets_host ||= "http#{Rails.configuration.x.use_https ? 's' : ''}://#{base_host}"
-frame_hosts   = "https://*.gab.com"
 
 Rails.application.config.content_security_policy do |p|
   p.base_uri        :none
   p.default_src     :none
-  p.frame_ancestors :self, frame_hosts
+  p.frame_ancestors :self, "https://*.gab.com", "https://*.openplatform.us"
   p.font_src        :self, assets_host
   p.img_src         :self, :https, :data, :blob, assets_host
   p.style_src       :self, :unsafe_inline, assets_host