added auth0 in the frame src

kartikpersistent · kartikpersistent · commit f198ca5c80fd · 2025-02-13T13:31:40.000Z
diff --git a/frontend/nginx/nginx.prod.conf b/frontend/nginx/nginx.prod.conf
@@ -3,7 +3,7 @@ server {
   add_header X-Frame-Options "DENY";
   add_header X-Content-Type-Options "nosniff";
   add_header Content-Security-Policy   "connect-src 'self' ${VITE_BACKEND_API_URL} ${VITE_SEGMENT_API_URL};
-                                        frame-src 'self' *.youtube.com *.wikipedia.org;
+                                        frame-src 'self' *.youtube.com *.wikipedia.org ${AUT0_DOMAIN};
                                         script-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/client;
                                         default-src 'self' *.${VITE_FRONTEND_HOSTNAME} data:;
                                         style-src 'self' *.googleapis.com 'unsafe-inline';" always ;
