From 6c49857d707dfea191e0082fa50a0a1c426a80b7 Mon Sep 17 00:00:00 2001
From: Adam Rauch <adam@labkey.com>
Date: Wed, 3 Jun 2026 10:57:55 -0700
Subject: [PATCH] Admin option to customize frame-ancestors

---
 server/embedded/src/org/labkey/embedded/LabKeyServer.java | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/server/embedded/src/org/labkey/embedded/LabKeyServer.java b/server/embedded/src/org/labkey/embedded/LabKeyServer.java
index 825869df93..1c49bcd268 100644
--- a/server/embedded/src/org/labkey/embedded/LabKeyServer.java
+++ b/server/embedded/src/org/labkey/embedded/LabKeyServer.java
@@ -99,12 +99,12 @@ public static void main(String[] args)
         // Add upgrade_insecure_requests substitution, frame-ancestors, and enforce version
         String enforceCsp = baseCsp + """
                 ${UPGRADE.INSECURE.REQUESTS}
-                frame-ancestors 'self' ;
-                /* cspVersion=e15 */
+                frame-ancestors 'self' ${FRAMEANCESTORS.SOURCES} ;
+                /* cspVersion=e16 */
             """;
         // Leave out upgrade_insecure_requests and frame-ancestors directives, since they produce warnings on some browsers
         String reportCsp = baseCsp + """
-                /* cspVersion=r15 */
+                /* cspVersion=r16 */
             """;
 
         application.setDefaultProperties(new HashMap<>()