diff --git a/apps/web/src/utils/csp.ts b/apps/web/src/utils/csp.ts
index 47bb5b84b..7580afb40 100644
--- a/apps/web/src/utils/csp.ts
+++ b/apps/web/src/utils/csp.ts
@@ -53,6 +53,7 @@ export const CSP_POLICY = {
 'img-src': ["'self'", 'data:', 'https:', 'blob:'],
 'connect-src': ["'self'", 'ws:', 'wss:', 'http:', 'https:'],
 'font-src': ["'self'", 'data:', 'https://fonts.gstatic.com'],
+ 'frame-src': ["'self'", 'http://localhost:8080', 'https://localhost:8080'],
 'object-src': ["'none'"],
 'base-uri': ["'self'"],
 'form-action': ["'self'"],
@@ -129,6 +130,7 @@ export const CSP_POLICY_DEV = {
 'img-src': ["'self'", 'data:', 'https:', 'blob:'],
 'connect-src': ["'self'", 'ws:', 'wss:', 'http:', 'https:'],
 'font-src': ["'self'", 'data:', 'https:'],
+ 'frame-src': ["'self'", 'http://localhost:8080', 'https://localhost:8080'],
 'object-src': ["'none'"],
 'base-uri': ["'self'"],
 'form-action': ["'self'"],
diff --git a/apps/web/vite.config.ts b/apps/web/vite.config.ts
index fc6281cdf..40cda5a3e 100644
--- a/apps/web/vite.config.ts
+++ b/apps/web/vite.config.ts
@@ -196,6 +196,7 @@ export default defineConfig(({ mode }) => {
 "worker-src 'self' blob:",
 "img-src 'self' data: https: blob:",
 "connect-src 'self' ws: wss: http: https:",
+ "frame-src 'self' http://localhost:8080 https://localhost:8080",
 "object-src 'none'",
 "base-uri 'self'",
 "form-action 'self'",
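Review bot: The new `frame-src` entry in `CSP_POLICY` (first hunk of csp.ts) puts a developer origin into what looks, judging by the sibling `CSP_POLICY_DEV`, like the production policy. In a deployed session `localhost:8080` resolves to whatever is listening on the visitor's own machine, so the policy would let the app embed content the project does not control, and the `http://` variant is unencrypted. Unless a production feature really frames a local service, I would keep this object at `'frame-src': ["'self'"],` and leave the localhost origins to `CSP_POLICY_DEV` in the second hunk. The object literal starts and ends outside the hunk, so `default-src` and any `frame-ancestors` setting are not visible here.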
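Review bot: Nothing in the `CSP_POLICY_DEV` hunk (second hunk of csp.ts) says what runs on port 8080 or why it has to be framed, so a later reader cannot tell whether the entry is still needed. I would add a comment above the new line such as `// dev only: lets the app embed the local service on :8080 in an iframe; remove when that embed goes away`. If that service answers on only one scheme, list only that scheme rather than both `http://` and `https://`.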
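Review bot: This `frame-src` string in vite.config.ts is a hand-written third copy of the directive added twice in csp.ts, and the hunk does not show whether the surrounding header list is limited to `mode === 'development'`. If the list is also applied to preview or production builds, the localhost origins should be gated on `mode`, since they are a development convenience. To keep the copies from drifting, consider generating the list from the exported object, e.g. `Object.entries(CSP_POLICY_DEV).map(([name, values]) => name + ' ' + values.join(' '))`, assuming vite.config.ts can import from src/utils/csp.ts and every value there is an array. The enclosing `defineConfig` callback starts and ends outside the hunk.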