v1.15.0

github-actions released this 28 Apr 08:09

· 66 commits to main since this release

73f45ee

Tip

You can now control the CSP directive frame-ancestors via the environment variable CSP_FRAME_ANCESTORS.

For example to allow remote sources to allow VoucherVault being loaded via iframe.

The X-Frame-Options header is considered depreacted and was removed.

Features

remove deprecated xfo header and use django-csp v4 with CSP frame-ancestors env; fixes #71 (ff38122)

Assets 2