Change interaction modal in web UI (#26075)

Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>

app/controllers/remote_interaction_helper_controller.rb

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+class RemoteInteractionHelperController < ApplicationController
+  vary_by ''
+
+  skip_before_action :require_functional!
+  skip_around_action :set_locale
+  skip_before_action :update_user_sign_in
+
+  content_security_policy do |p|
+    # We inherit the normal `script-src`
+
+    # Set every directive that does not have a fallback
+    p.default_src :none
+    p.form_action :none
+    p.base_uri :none
+
+    # Disable every directive with a fallback to cut on response size
+    p.base_uri false
+    p.font_src false
+    p.img_src false
+    p.style_src false
+    p.media_src false
+    p.frame_src false
+    p.manifest_src false
+    p.connect_src false
+    p.child_src false
+    p.worker_src false
+
+    # Widen the directives that we do need
+    p.frame_ancestors :self
+    p.connect_src :https
+  end
+
+  def index
+    expires_in(5.minutes, public: true, stale_while_revalidate: 30.seconds, stale_if_error: 1.day)
+
+    response.headers['X-Frame-Options'] = 'SAMEORIGIN'
+    response.headers['Referrer-Policy'] = 'no-referrer'
+
+    render layout: 'helper_frame'
+  end
+end