refactor(csp): extract shared getEmbedCSPPolicy helper

Deduplicate getChatEmbedCSPPolicy and getFormEmbedCSPPolicy into a
shared private helper to prevent future divergence.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: waleedlatif1

apps/sim/lib/core/security/csp.ts

@@ -202,27 +202,28 @@ export function getWorkflowExecutionCSPPolicy(): string {
 }
 
 /**
- * CSP for embeddable chat pages
+ * Shared CSP for embeddable pages (chat, forms)
  * Allows embedding in iframes from any origin while maintaining other security policies
  */
-export function getChatEmbedCSPPolicy(): string {
-  const basePolicy = buildCSPString({
+function getEmbedCSPPolicy(): string {
+  return buildCSPString({
     ...buildTimeCSPDirectives,
     'frame-ancestors': ['*'],
   })
-  return basePolicy
+}
+
+/**
+ * CSP for embeddable chat pages
+ */
+export function getChatEmbedCSPPolicy(): string {
+  return getEmbedCSPPolicy()
 }
 
 /**
  * CSP for embeddable form pages
- * Allows embedding in iframes from any origin while maintaining other security policies
  */
 export function getFormEmbedCSPPolicy(): string {
-  const basePolicy = buildCSPString({
-    ...buildTimeCSPDirectives,
-    'frame-ancestors': ['*'],
-  })
-  return basePolicy
+  return getEmbedCSPPolicy()
 }
 
 /**