[dagit] Enable limited frame-src

Description

Summary:
As reported on Slack.

Re-enable frame-src CSP directive to allow showing ipynb iframes. Allowed on localhost for dev, otherwise 'self'. This has been broken since the CSP was released.

I've added sandbox to the iframe to keep it a bit more locked down, since I don't really know how dangerous the rendered contents actually are. It doesn't seem like they need any JavaScript, but I assume if they do, someone is going to report bugs to us fairly quickly.

Test Plan:
Run dagit with dagstermill repo:

$ dagit -p 3333 -m dagstermill.examples.repository

Use "View notebook" in job overviews to view the notebook dialog. Verify that there are no CSP issues, and that the notebook renders as expected, with appropriate styling.

Repeat with a prod build.

Reviewers: bengotow, max, yuhan, prha

Reviewed By: prha

Differential Revision: https://dagster.phacility.com/D9210
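An added example, not code from this commit or from dagit: a simplified Python model of how a browser decides whether an iframe may load under the frame-src setup the commit message describes ('self', plus a localhost origin in dev). The function names, the other directives in the policy and the default dev origin are assumptions; only 'self', 'none' and scheme://host[:port] sources are modelled.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def origin(url):
    """Return (scheme, host, port) with the scheme's default port filled in."""
    parts = urlsplit(url)
    return (parts.scheme, parts.hostname, parts.port or DEFAULT_PORTS.get(parts.scheme))

def build_csp(dev, dev_origin="http://localhost:3333"):
    """Hypothetical policy builder: frame-src is 'self', plus localhost in dev."""
    frame_sources = ["'self'"] + ([dev_origin] if dev else [])
    # The default-src and script-src values are constructed for this example.
    return "default-src 'none'; script-src 'self'; frame-src " + " ".join(frame_sources)

def parse_csp(header):
    """Split a CSP header into {directive: [sources]}; the first occurrence wins."""
    policy = {}
    for item in header.split(";"):
        tokens = item.split()
        if tokens and tokens[0].lower() not in policy:
            policy[tokens[0].lower()] = tokens[1:]
    return policy

def frame_allowed(header, page_url, frame_url):
    """Would a page at page_url be allowed to embed frame_url under this policy?"""
    policy = parse_csp(header)
    # Frames are governed by frame-src, falling back to child-src, then default-src.
    for name in ("frame-src", "child-src", "default-src"):
        if name in policy:
            sources = policy[name]
            break
    else:
        return True  # no governing directive, so frames are unrestricted
    target = origin(frame_url)
    for src in sources:
        if src == "'self'" and target == origin(page_url):
            return True
        if "://" in src and target == origin(src):
            return True
    return False  # covers 'none' and an empty source list
```

A policy that omits frame-src is still decided by its fallback directive, so a restrictive default-src blocks same-origin frames as well.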

Details

Provenance
dish authored on Aug 9 2021, 2:25 PM
Reviewer
prha
Differential Revision
D9210: [dagit] Enable limited frame-src
Parents
R1:3d023de29da3: public api guidelines (#4446)