
feat(toolbar): Allow sentry to iframe itself so that @sentry/toolbar can load #93206


Closed

ryan953 (Member) commented Jun 10, 2025

The problem to solve is:
I want to run the production @sentry/toolbar code on sentry.io.
What this means is that we want to update the CSP frame-src directive to allow a domain like sentry.sentry.io to iframe sentry.sentry.io. Currently that’s erroring out with this message in the browser:

Refused to frame 'https://sentry.sentry.io/toolbar/sentry/javascript/iframe/?logging=' because it violates the following Content Security Policy directive: "frame-src app.pendo.io demo.arcade.software js.stripe.com sentry.io".

So the code to fix it does two things:

  • add an option with an allowlist of domains to consider
  • if the current domain is in the allowlist, then that domain can add itself to the frame-src list.
    • Therefore, sentry.sentry.io can iframe itself… and demo.sentry.io can iframe itself, but they cannot iframe each other.

https://github.com/getsentry/sentry-toolbar
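
The allowlist rule from the description above, as an added example that is not code from this pull request or from Sentry. The function names and the `SELF_FRAME_ALLOWLIST` option are hypothetical; the base sources are the ones in the quoted error message. Because the Host value is supplied by the client, it is normalized and matched exactly before it is written into the header.

```python
import re

# Base frame-src sources, copied from the error message quoted in the PR description.
BASE_FRAME_SRC = ["app.pendo.io", "demo.arcade.software", "js.stripe.com", "sentry.io"]

# Hypothetical allowlist option: hosts permitted to add themselves to frame-src.
SELF_FRAME_ALLOWLIST = frozenset({"sentry.sentry.io", "demo.sentry.io"})

# A plain DNS-style hostname: no spaces, ';', ',' or other header metacharacters.
_HOSTNAME = re.compile(r"[a-z0-9]([a-z0-9.-]*[a-z0-9])?")


def normalize_host(raw_host):
    """Lowercase the Host value, drop the port and a trailing dot.

    Returns None for anything that is not a plain hostname, so the value
    can never inject extra sources or directives into the CSP string.
    """
    host = raw_host.strip().lower()
    if ":" in host:
        host = host.rsplit(":", 1)[0]
    host = host.rstrip(".")
    return host if _HOSTNAME.fullmatch(host) else None


def frame_src_for(raw_host, allowlist=SELF_FRAME_ALLOWLIST):
    """Return the frame-src sources for a response served on raw_host."""
    sources = list(BASE_FRAME_SRC)
    host = normalize_host(raw_host)
    # Exact match only: a suffix or substring test would also admit
    # look-alike hosts such as "sentry.sentry.io.example.net".
    if host is not None and host in allowlist and host not in sources:
        sources.append(host)
    return sources


def csp_header_value(raw_host):
    """Render the frame-src directive for the given request host."""
    return "frame-src " + " ".join(frame_src_for(raw_host))
```
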


sentry-io bot commented Jun 10, 2025

🔍 Existing Issues For Review

Your pull request is modifying functions with the following pre-existing issues:

📄 File: src/sentry/web/frontend/base.py

| Function | Unhandled Issue | Event Count |
| --- | --- | --- |
| dispatch | AttributeError: 'RedminePlugin' object has no attribute 'can_link_existing_issues' /{organization_slug}/{project_id_or_slug}... | 7 |
| dispatch | GitHubApiError: b'{"message":"Bad credentials","documentation_url":"https://docs.github.com/rest","status":"401"}' ... | 7 |
| dispatch | Exception: Same primary email address ('[email protected]') for multiple users: [929662, 875663] ... | 1 |


github-actions bot added the "Scope: Backend" label (automatically applied to PRs that change backend components) Jun 10, 2025

codecov bot commented Jun 10, 2025

Codecov Report

Attention: Patch coverage is 98.24561% with 1 line in your changes missing coverage. Please review.

✅ All tests successful. No failed tests found.

| Files with missing lines | Patch % | Lines |
| --- | --- | --- |
| src/sentry/web/frontend/base.py | 90.90% | 1 Missing ⚠️ |

Additional details and impacted files
@@             Coverage Diff             @@
##           master   #93206       +/-   ##
===========================================
+ Coverage   42.18%   87.99%   +45.80%     
===========================================
  Files       10232    10256       +24     
  Lines      590716   591686      +970     
  Branches    22990    22990               
===========================================
+ Hits       249184   520628   +271444     
+ Misses     341041    70567   -270474     
  Partials      491      491               

ryan953 closed this Jun 10, 2025

ryan953 (Member, Author) commented Jun 10, 2025

replaced with a simpler strategy in https://github.com/getsentry/getsentry/pull/17650

ryan953 added a commit to getsentry/sentry-docs that referenced this pull request Jun 10, 2025