Expose an interface to `$allowedFrameAncestors` in configuration

[alfiepates]

How to use GitHub

• Please use the 👍 reaction to show that you are interested into the same feature.
• Please don't comment if you have no relevant information to add. It's just extra noise for everyone subscribed to this issue.
• Subscribe to receive notifications on status change and new comments.

Is your feature request related to a problem? Please describe.
Can't embed file sharing links as iFrames in other websites due to Content Security Policy.

Describe the solution you'd like
Ideally Nextcloud should expose an interface to $allowedFrameAncestors (ContentSecurityPolicy.php) in configuration.

Describe alternatives you've considered
Right now, I'm manually patching the above file to include the domains I want to embed iFrames on.

Additional context
We're using Nextcloud as an easy way to host PDFs/etc as part of a larger platform, since it's approachable to non-technical content writers.

[szaimen]

As this sounds like a nice feature, the requests for this are quite low. Currently there are no plans to implement such a feature. Thus I will close this ticket for now. This does not mean we don't want this feature, but it is simply not on our roadmap for the near future. If somebody wants to implement this feature nevertheless we are happy to assist and help out.If you wish to have this feature implemented by the Nextcloud GmbH there is the option for consulting work on top of your Nextcloud Enterprise subscription to get your features implemented.

[cbartondock]

I agree that this would be a nice feature, currently it requires editing the security policy in lib/public/AppFramework/Http/ContentSecurityPolicy.php which is unfortunate and obviously gets undone when nextcloud updates.

[frlan]

@szaimen Closing the FR will remove it from visibility also for freelance contributors therefore it wont be implemented most likely. I'm voting for repening and adding it to roadmap