This commit was created on GitHub.com and signed with GitHub’s verified signature.
Bug Fixes
Enhanced Citations CSP Fix
Fixed a Content Security Policy (CSP) violation that prevented enhanced citations PDF documents from being displayed in iframe modals.
Issue: CSP directive frame-ancestors 'none' blocked PDF endpoints from being embedded in iframes, causing console errors: "Refused to frame '...' because an ancestor violates the following Content Security Policy directive: 'frame-ancestors 'none''".
Root Cause: Enhanced citations use iframes to display PDF documents via the /api/enhanced_citations/pdf endpoint, but the restrictive CSP prevented same-origin iframe embedding.
Solution: Changed CSP configuration from frame-ancestors 'none' to frame-ancestors 'self', allowing same-origin framing while maintaining security against external clickjacking attacks.
Security Impact: No reduction in security posture - external websites still cannot embed application content, only same-origin framing is now allowed.
Benefits: Enhanced citations PDF modals now display correctly without CSP violations, improving the user experience for document viewing.
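Added example (not the project's own code): a simplified model of how a browser evaluates frame-ancestors, showing why 'none' blocked the same-origin PDF modal and why 'self' still rejects any ancestor chain that contains an external site. The host names app.example and other.example and the /chat path are constructed placeholders; matching is limited to 'self' and exact origins.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def origin(url):
    """(scheme, host, port) tuple for a URL, with default ports filled in."""
    u = urlsplit(url)
    return (u.scheme, u.hostname, u.port or DEFAULT_PORTS.get(u.scheme))

def parse_csp(header):
    """Map each directive name to its list of source expressions."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            # The first occurrence of a directive wins; duplicates are ignored.
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def source_matches(source, ancestor_url, resource_url):
    """Simplified matching: 'self' and exact origins only (no wildcards)."""
    if source.lower() == "'self'":
        return origin(ancestor_url) == origin(resource_url)
    if source.startswith("'"):
        return False  # 'none' and other keywords match nothing here
    return origin(source) == origin(ancestor_url)

def framing_allowed(header, resource_url, ancestor_urls):
    """True if every ancestor in the chain may embed resource_url."""
    policy = parse_csp(header)
    if "frame-ancestors" not in policy:
        return True  # directive absent: CSP imposes no framing restriction
    sources = policy["frame-ancestors"]
    # Every ancestor, not just the direct parent, must match some source.
    return all(
        any(source_matches(s, a, resource_url) for s in sources)
        for a in ancestor_urls
    )

# Constructed sample data: app.example and other.example are placeholders.
PDF = "https://app.example/api/enhanced_citations/pdf"
APP_PAGE = "https://app.example/chat"
EXTERNAL = "https://other.example/embed"

if __name__ == "__main__":
    for policy in ("frame-ancestors 'none'", "frame-ancestors 'self'"):
        print(policy, "| same-origin modal:", framing_allowed(policy, PDF, [APP_PAGE]),
              "| external top frame:", framing_allowed(policy, PDF, [APP_PAGE, EXTERNAL]))
```

The same function can be pointed at a captured response header in a regression test to confirm the PDF endpoint keeps a frame-ancestors directive after future configuration changes.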