less strict iframe options

[ianhi]

Closes: #813 (though im not sure if the build config will affect the PR build)

by allowing linking of iframes from anywhere, and anywhere to link an iframe of us. we could also change it to SAMEORIGIN to allow us to use iframes internally, but no one can make an iframe of us. But I like this more permissive model, it would have made it easier for me to embed the xarray repr from this site in the post i wrote on the napari blog.

I also removed X-XSS-PROTECTION which is non-standard, deprecated and recommended to be removed: https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-XSS-Protection

heads up to @scottyhq if you have opinions here

[netlify]

✅ Deploy Preview for xarraydev ready!

Name	Link
🔨 Latest commit	68da621
🔍 Latest deploy log	https://app.netlify.com/projects/xarraydev/deploys/690223c7f9820b00081b6dc0
😎 Deploy Preview	https://deploy-preview-814--xarraydev.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[ianhi]

Indeed seems to have fixed it: https://deploy-preview-814--xarraydev.netlify.app/blog/flox

[scottyhq]

Awesome!

[dcherian]

thanks Ian!