Add config option to disallow framing via CSP

Signed-off-by: David Mehren <git@herrmehren.de>

lib/config/environment.js

@@ -22,7 +22,8 @@ module.exports = {
     enable: toBooleanConfig(process.env.CMD_CSP_ENABLE),
     reportURI: process.env.CMD_CSP_REPORTURI,
     addDisqus: toBooleanConfig(process.env.CMD_CSP_ADD_DISQUS),
-    addGoogleAnalytics: toBooleanConfig(process.env.CMD_CSP_ADD_GOOGLE_ANALYTICS)
+    addGoogleAnalytics: toBooleanConfig(process.env.CMD_CSP_ADD_GOOGLE_ANALYTICS),
+    allowFraming: toBooleanConfig(process.env.CMD_CSP_ALLOW_FRAMING)
   },
   cookiePolicy: process.env.CMD_COOKIE_POLICY,
   protocolUseSSL: toBooleanConfig(process.env.CMD_PROTOCOL_USESSL),