[Nebula] Fix: Security headers for Mini App (#7337)

PaoloRollo · github-actions[bot] · web-flow · commit ab0f3583124d · 2025-06-13T21:45:57.000+02:00
Co-authored-by: github-actions[bot] &lt;41898282+github-actions[bot]@users.noreply.github.com&gt;
diff --git a/apps/dashboard/next.config.ts b/apps/dashboard/next.config.ts
@@ -16,6 +16,7 @@ const ContentSecurityPolicy = `
   connect-src * data: blob:;
   worker-src 'self' blob:;
   block-all-mixed-content;
+  frame-ancestors 'self' https://farcaster.xyz https://*.farcaster.xyz;
 `;
 
 const securityHeaders = [
@@ -29,8 +30,7 @@ const securityHeaders = [
   },
   {
     key: "X-Frame-Options",
-    // allow farcaster.xyz as a frame ancestor for the browser mini app
-    value: "frame-ancestors 'self' https://farcaster.xyz; default 'self'",
+    value: "SAMEORIGIN",
   },
   {
     key: "Referrer-Policy",
