fix: set headers so playground works again

[brian-smith-tcril]

The playground wasn't loading, it was showing the following error:

Refused to display 'https://deploy-preview-3367--paragon-openedx-v23.netlify.app/' in a frame because it set 'X-Frame-Options' to 'deny'.

I looked into it a bit and found https://answers.netlify.com/t/breaking-change-x-frame-options-set-to-deny/102220, after which I tried what was recommended in https://answers.netlify.com/t/breaking-change-x-frame-options-set-to-deny/102220/3

For the Redash project we found that we could overcome this by setting the Content-Security-Policy header in gatsby-config.js

  headers: [
    {
      source: '*',
      headers: [
        {
          key: 'Content-Security-Policy',
          value: 'frame-ancestors *;',
        },
      ],
    },
  ],

This works because X-Frame-Options is obsolete: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy

Also see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options

Warning: Instead of this header, use the frame-ancestors directive in a Content-Security-Policy header.

This made it so the main playground loaded correctly, but the iframes nested within the playground were failing with the same X-Frame-Options error.

I then started looking for ways to set the headers for playroom. I found https://docs.netlify.com/routing/headers/#syntax-for-the-netlify-configuration-file which mentioned netlify.toml, so I just added a headers section to our netlify.toml file and everything worked!

Everything working: https://deploy-preview-3381--paragon-openedx-v22.netlify.app/playground

[netlify]

✅ Deploy Preview for paragon-openedx-v22 ready!

Name	Link
🔨 Latest commit	f666b3b
🔍 Latest deploy log	https://app.netlify.com/sites/paragon-openedx-v22/deploys/67880d1aac39ef0008006cc0
😎 Deploy Preview	https://deploy-preview-3381--paragon-openedx-v22.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 93.44%. Comparing base (8979107) to head (f666b3b).
Report is 2 commits behind head on braden/react-gatsby-bump.

Additional details and impacted files

@@                    Coverage Diff                    @@
##           braden/react-gatsby-bump    #3381   +/-   ##
=========================================================
  Coverage                     93.44%   93.44%           
=========================================================
  Files                           251      251           
  Lines                          4519     4519           
  Branches                       1016     1055   +39     
=========================================================
  Hits                           4223     4223           
  Misses                          293      293           
  Partials                          3        3           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[bradenmacdonald]

Nice, thanks!