From 87a62fb614969481eaf8588b35cd84bed06ae4a5 Mon Sep 17 00:00:00 2001
From: Sukhpal Saini <bdcorps@users.noreply.github.com>
Date: Fri, 23 Jun 2023 09:54:41 -0400
Subject: [PATCH 1/2] Add EMBED_HOSTED_URL

---
 next.config.js | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/next.config.js b/next.config.js
index 8efb45bc..061a48aa 100644
--- a/next.config.js
+++ b/next.config.js
@@ -4,13 +4,15 @@ const pkg = require('./package.json');
 
 const CLOUD_URL = 'https://cloud.umami.is';
 
+const EMBED_HOSTED_URL = process.env.EMBED_HOSTED_URL
+
 const contentSecurityPolicy = `
   default-src 'self';
   img-src *;
   script-src 'self' 'unsafe-eval';
   style-src 'self' 'unsafe-inline';
   connect-src 'self' api.umami.is;
-  frame-ancestors 'self';
+  frame-ancestors `self ${EMBED_HOSTED_URL}`;
 `;
 
 const headers = [

From b4a26314ef5b6a5d45faa1cd38b19c915724a2e6 Mon Sep 17 00:00:00 2001
From: Sukhpal Saini <bdcorps@users.noreply.github.com>
Date: Fri, 23 Jun 2023 09:57:07 -0400
Subject: [PATCH 2/2] Add a comment for EMBED_HOSTED_URL

---
 next.config.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/next.config.js b/next.config.js
index 061a48aa..e004566a 100644
--- a/next.config.js
+++ b/next.config.js
@@ -4,7 +4,8 @@ const pkg = require('./package.json');
 
 const CLOUD_URL = 'https://cloud.umami.is';
 
-const EMBED_HOSTED_URL = process.env.EMBED_HOSTED_URL
+// Space-separated list of URLs that can load the "Share" dashboard, i.e. http://app.localhost:7000 https://*.vercel.app
+const EMBED_HOSTED_URL = process.env.EMBED_HOSTED_URL;
 
 const contentSecurityPolicy = `
   default-src 'self';