Don't add a CSP when disallowing framing.

The CSP header is already added to every request, so we don't need to
add a second policy.

infrastructure/framework-src/modules/global/response.js

@@ -342,7 +342,6 @@ response.setGzip = function(gzip) {
 
 response.disallowFraming = function() {
   response.setHeader('X-Frame-Options', 'SAMEORIGIN');
-  response.addHeader('Content-Security-Policy', "frame-ancestors 'self'");
 }
 
 response.allowFraming = function() {