iframe Widget missing allow-same-origin in sandbox attribute
When embedding external dashboards (e.g., Apache Superset) via the iframe widget, the iframe is sandboxed without the allow-same-origin flag, causing:
SecurityError: Failed to read the 'cookie' property from 'Document':
The document is sandboxed and lacks the 'allow-same-origin' flag.
Current behavior:
<iframe src="..." sandbox="allow-scripts allow-forms allow-popups"></iframe>
Expected behavior:
<iframe src="..." sandbox="allow-scripts allow-same-origin allow-forms allow-popups"></iframe>
Impact:
Cannot embed dashboards that require cookies/sessions (Superset, Metabase, Grafana, etc.)
Many BI tools become unusable in Twenty dashboards
SecurityError: Failed to read the 'cookie' property from 'Document':
The document is sandboxed and lacks the 'allow-same-origin' flag.
Current behavior:
<iframe src="..." sandbox="allow-scripts allow-forms allow-popups"></iframe>
Expected behavior:
<iframe src="..." sandbox="allow-scripts allow-same-origin allow-forms allow-popups"></iframe>
Impact:
Cannot embed dashboards that require cookies/sessions (Superset, Metabase, Grafana, etc.)
Many BI tools become unusable in Twenty dashboards
