mirror of
https://github.com/d0zingcat/ghost-docker.git
synced 2026-05-13 23:16:44 +00:00
fb6040fd0c
* Fixed "View site" and post previews in Ghost Admin ref https://linear.app/ghost/issue/ONC-1097/preview-post-does-not-work-on-separate-ghostadmin-domains ref https://linear.app/ghost/issue/ONC-1090/oss-issue-previewing-site-from-subdomain-admin-panel-results-in In Ghost Admin, the frontend of the site is loaded in an iframe in a few places: - The "View site" tab on the sidebar - In post previews Using the default docker setup in this repository, these iframes fail to load because of the `X-Frame-Options DENY` header that is added by Caddy. This fixes the problem by replacing `X-Frame-Options DENY` with a Content Security Policy that allows the site to be embedded in an iframe on the site's domain itself and on the admin domain, if configured. * Update SecurityHeaders Spaces -> Tabs --------- Co-authored-by: James Loh <git@jloh.co>