My service is receiving a Content-Security-Policy response header with a sandbox policy that does not include the allow-same-origin permission. This is blocking my application's functionality. I have reviewed all the configuration options for my service (Domains, Middlewares, Variables, etc.) and there is nowhere to modify this header. I need guidance on how to add allow-same-origin to the CSP policy for my domains."

Translated with DeepL.com (free version)