From 1a992b7b4e96baa5ef98e6ef9046e525ab92911d Mon Sep 17 00:00:00 2001
From: Maurice <mauriceboe@icloud.com>
Date: Fri, 27 Mar 2026 21:41:06 +0100
Subject: [PATCH] fix: allow PDF iframe embedding in CSP

---
 server/src/index.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/server/src/index.ts b/server/src/index.ts
index 1317fa2..3e16ee5 100644
--- a/server/src/index.ts
+++ b/server/src/index.ts
@@ -58,7 +58,8 @@ app.use(helmet({
       connectSrc: ["'self'", "ws:", "wss:", "https:", "http:"],
       fontSrc: ["'self'", "https://fonts.gstatic.com", "data:"],
       objectSrc: ["'self'"],
-      frameAncestors: ["'none'"],
+      frameSrc: ["'self'"],
+      frameAncestors: ["'self'"],
     }
   },
   crossOriginEmbedderPolicy: false,