CPX-632: configure CSP frame-ancestors

bigcommerce · Sep 10, 2024 · b95178c · b95178c
1 parent 721c214
commit b95178c
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/src/app/layout.tsx b/src/app/layout.tsx
@@ -1,3 +1,5 @@
+'use client';
+
 import { Analytics } from '@vercel/analytics/react';
 import { Source_Sans_3 } from 'next/font/google';
 import { type Metadata } from 'next/types';
@@ -6,6 +8,7 @@ import ThemeProvider from './theme-provider';
 import Script from 'next/script';
 import * as snippet from '@segment/snippet';
 import { env } from '~/env.mjs';
+import { useAppContext } from '~/context/AppContext';
 
 const sourceSans = Source_Sans_3({
   subsets: ['latin'],
@@ -29,9 +32,20 @@ export default function RootLayout({
     return snippet.min(opts);
   };
 
+  const { storeHash } = useAppContext();
+  const allowedParents = [
+    'self',
+    `https://store-${storeHash}.mybigcommerce.com`,
+    `https://store-${storeHash}.my-staging.com`,
+    `https://store-${storeHash}.my-integration.com`
+  ];
+
   return (
     <html lang="en">
       <head>
+      <meta
+        http-equiv="Content-Security-Policy"
+        frame-ancestors={allowedParents} />
         <link rel="icon" href="/favicon.svg" />
       </head>
       <body>