[Peertube] Put CSP for iframe and CORS headers in file for re-use

pica-traefik/traefik_dynamic.toml

@@ -12,7 +12,6 @@
 
 [http]
   [http.middlewares.hardening.headers]
-    addVaryHeader = true
     browserXssFilter = true
     contentTypeNosniff = true
     forceSTSHeader = true
@@ -26,3 +25,10 @@
 
   [http.middlewares.compression.compress]
     excludedContentTypes = ["text/event-stream"]
+
+  [http.middlewares.allowFrameAndCORS.headers]
+    contentSecurityPolicy = "frame-ancestors *"
+    accessControlAllowHeaders = ["*"]
+    accessControlAllowMethods = ["GET", "POST", "OPTIONS"]
+    accessControlAllowOriginList = ["*"]
+    accessControlExposeHeaders = ["*"]