🧹

Author: jeanp413

components/ide-proxy/conf/Caddyfile

@@ -16,8 +16,6 @@
 		Strict-Transport-Security  max-age=31536000
 		# disable clients from sniffing the media type
 		X-Content-Type-Options     nosniff
-		# Define valid parents that may embed a page
-		Content-Security-Policy    "frame-ancestors 'self' https://*.{$GITPOD_DOMAIN} https://{$GITPOD_DOMAIN}"
 		# keep referrer data off of HTTP connections
 		Referrer-Policy            no-referrer-when-downgrade
 		# Enable cross-site filter (XSS) and tell browser to block detected attacks

components/proxy/conf/Caddyfile

@@ -299,7 +299,7 @@ https://{$GITPOD_DOMAIN} {
 # workspaces
 https://*.*.{$GITPOD_DOMAIN} {
 	import enable_log
-	import workspace_security_headers
+	# import workspace_security_headers
 	import remove_server_header
 	import ssl_configuration
 	import debug_headers