CSP blocks external iFrames including Ghost Explore

[jonaharagon]

Not sure this policy makes a ton of sense if you plan to embed sites on explore.ghost.org:

ghost-docker/caddy/snippets/SecurityHeaders

Line 11 in 2926758

Content-Security-Policy "frame-ancestors 'self' {$ADMIN_DOMAIN:}"