Merge branch 'ah/bc-user-settings' into staging

lib/recognizer_web/controllers/accounts/user_settings_controller.ex

@@ -10,13 +10,7 @@ defmodule RecognizerWeb.Accounts.UserSettingsController do
     if Application.get_env(:recognizer, :redirect_url) && !get_session(conn, :bc) do
       redirect(conn, external: Application.get_env(:recognizer, :redirect_url))
     else
-      conn
-      |> delete_resp_header("x-frame-options")
-      |> put_resp_header(
-        "Content-Security-Policy",
-        "default-src 'self'; frame-ancestors 'self' https://bigcommerce.com;"
-      )
-      |> render("edit.html")
+      render(conn, "edit.html")
     end
   end
 

lib/recognizer_web/router.ex

@@ -11,6 +11,7 @@ defmodule RecognizerWeb.Router do
     plug :fetch_flash
     plug :protect_from_forgery
     plug :put_secure_browser_headers, @hsts_header
+    plug :allow_bc_frame
   end
 
   pipeline :api do
@@ -45,6 +46,15 @@ defmodule RecognizerWeb.Router do
     conn
   end
 
+  defp allow_bc_frame(conn, _opts),
+    do:
+      conn
+      |> delete_resp_header("x-frame-options")
+      |> put_resp_header(
+        "Content-Security-Policy",
+        "default-src 'self'; frame-ancestors 'self' https://bigcommerce.com;"
+      )
+
   scope "/", RecognizerWeb do
     pipe_through [:browser, :bc]