Add support for configuring Content-Security-Policy: frame-ancestors to allow secure iframe embedding

### Description

### Problem

Structurizr's documentation at https://docs.structurizr.com/onpremises/embed describes support for embedding diagrams via <iframe>. However, this is currently blocked by the default response header:

    X-Frame-Options: SAMEORIGIN

There is no supported or documented way to:
- disable this header
- or better: allow secure embedding from specific domains

### Proposal

Rather than disabling all protections (`X-Frame-Options: ALLOWALL`), please support configuring:

```properties
structurizr.http.headers.content-security-policy=frame-ancestors 'self' https://frontend.example.com


### Priority

Low (I have no budget and there's no rush, please add this feature for free)

### More information

_No response_

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Add support for configuring Content-Security-Policy: frame-ancestors to allow secure iframe embedding #181

Description

Problem

Proposal

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

Add support for configuring Content-Security-Policy: frame-ancestors to allow secure iframe embedding #181

Description

Description

Problem

Proposal

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions