From 445084484b69e14bee59bcf4373df68400917187 Mon Sep 17 00:00:00 2001
From: Brian Smith <bsmith@axim.org>
Date: Wed, 15 Jan 2025 13:30:05 -0500
Subject: [PATCH] fix: set headers so playground works again

---
 www/gatsby-config.mjs | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/www/gatsby-config.mjs b/www/gatsby-config.mjs
index d088ec63d7..5fb2bc7ab7 100644
--- a/www/gatsby-config.mjs
+++ b/www/gatsby-config.mjs
@@ -138,6 +138,28 @@ export default {
   // Match the location of the site on github pages if no path prefix is specified
   pathPrefix: process.env.PATH_PREFIX || '',
   plugins,
+  // Netlify now injects the Netlify Gatsby adapter to gatsby sites using a version
+  // of gatsby that supports gatsby adapters (>= 5.12.0)
+  // This includes "X-Frame-Options; DENY" as a default, which conflicts with having
+  // the playground in a frame.
+  // X-Frame-Options is deprecated and MDN recommends using the frame-ancestors
+  // directive in a Content-Security-Policy header instead.
+  // See:
+  // * https://answers.netlify.com/t/breaking-change-x-frame-options-set-to-deny/102220
+  // * https://www.netlify.com/blog/gatsby-adapters-realize-the-full-potential-of-gatsby-on-your-platform/
+  // * https://www.gatsbyjs.com/docs/how-to/previews-deploys-hosting/adapters/
+  // * https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
+  headers: [
+    {
+      source: '*',
+      headers: [
+        {
+          key: 'Content-Security-Policy',
+          value: 'frame-ancestors *;',
+        },
+      ],
+    },
+  ],
   flags: {
     FAST_DEV: true,
   },