Begin of the insertion* [ ] We need to be able to log in inside iframe as well. So, it has to be added for unathenticated session as well.

End of the insertion https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors