Added new frame ancestor directives

Author: enicolasgomez

utilities/install.py

@@ -171,7 +171,7 @@ def main(netpyne_branch, workspace_branch, geppetto_branch=None, skipNpm=False,
             _ = config['NotebookApp']['tornado_settings']
         except KeyError:
             config['NotebookApp']['tornado_settings'] = {}
-        config['NotebookApp']['tornado_settings']['headers'] = { 'Content-Security-Policy': "frame-ancestors 'self' *" }
+        config['NotebookApp']['tornado_settings']['headers'] = { 'Content-Security-Policy': "frame-ancestors 'self' http: https: http://localhost:8081 *" }
         config['NotebookApp']['tornado_settings']['gzip'] = True
         f.seek(0)
         json.dump(config, f, indent=4, sort_keys=True)

webapp/package.bak

@@ -26,6 +26,7 @@
     "@sentry/integrations": "^6.16.1",
     "@sentry/react": "^6.16.1",
     "@sentry/tracing": "^6.16.1",
+    "csp-html-webpack-plugin": "^5.1.0",
     "jquery": "^3.6.0",
     "js-base64": "^3.6.1",
     "less-vars-to-js": "^1.3.0",

webapp/test-frame/index.html

@@ -8,7 +8,7 @@
 <h2>IFrame NePyNE-UI</h2>
 
 <!-- IFrame element -->
-<iframe src="http://localhost:8081/geppetto" width="1200" height="1200">
+<iframe src="http://localhost:8081" width="1200" height="1200">
     <!-- Alternative content for browsers that do not support iframes -->
     <p>Your browser does not support iframes.</p>
 </iframe>

webapp/webpack.config.js

@@ -153,7 +153,7 @@ module.exports = function (env) {
         'script-src': ["'self'", "'unsafe-inline'"],
         'style-src': ["'self'", "'unsafe-inline'"],
         'img-src': ["'self'", 'data:', 'blob:'],
-        'frame-ancestors': ['*'] 
+        'frame-ancestors': ["'self' http: https: http://localhost http://localhost:8081 *"] 
       }, {
         enabled: true,
         hashingMethod: 'sha256',