is there a way to allow certain “frame-ancestors” with the “Content-Security-Policy” without doing so in the file “/etc/nginx/conf.d/security.conf.inc”?
I need to allow some specific i-frames from another (sub)domain, and it works adding the line:
more_set_headers "Content-Security-Policy: frame-ancestors https://sub.domain"
Nevertheless this means, that there is no automatic update of the config file, which only recently led me to a problem with the migration.
Thanks for your ideas!