From 573009cc82b348ac1fb2b07f8e43d8a39bf836f3 Mon Sep 17 00:00:00 2001
From: Mo Bitar <me@bitar.io>
Date: Thu, 6 Sep 2018 10:57:47 -0500
Subject: [PATCH] frame-src allow data: url

---
 config/application.rb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/config/application.rb b/config/application.rb
index d1156765f..a7a9d123d 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -52,7 +52,8 @@ module Neeto
          default_src: %w(https: 'self'),
          base_uri: %w('self'),
          block_all_mixed_content: false, # see http://www.w3.org/TR/mixed-content/
-         child_src: ["*"],
+         child_src: ["*", "blob:"],
+         frame_src: ["*", "blob:"],
          connect_src: ["*"],
          font_src: %w(* 'self'),
          form_action: %w('self'),