Removed browser contect policy so that attachments would be visible. Part 2.

Thanks to xet7 !

Fixes #4468

.meteor/packages

@@ -77,7 +77,6 @@ accounts-password@1.6.2
 cfs:gridfs
 rzymek:fullcalendar
 momentjs:moment@2.22.2
-browser-policy-framing@1.1.0
 mquandalle:moment
 msavin:usercache
 # Keep stylus in 1.1.0, because building v2 takes extra 52 minutes.

.meteor/versions

@@ -18,8 +18,6 @@ binary-heap@1.0.11
 blaze@2.5.0
 blaze-tools@1.1.2
 boilerplate-generator@1.7.1
-browser-policy-common@1.0.11
-browser-policy-framing@1.1.0
 caching-compiler@1.2.2
 caching-html-compiler@1.2.0
 callback-hook@1.3.0

server/policy.js

@@ -15,18 +15,18 @@ Meteor.startup(() => {
   if (process.env.BROWSER_POLICY_ENABLED === 'true') {
     // Trusted URL that can embed Wekan in iFrame.
     const trusted = process.env.TRUSTED_URL;
-    BrowserPolicy.framing.disallow();
+    ////BrowserPolicy.framing.disallow();
     //Allow inline scripts, otherwise there is errors in browser/inspect/console
     //BrowserPolicy.content.disallowInlineScripts();
     //BrowserPolicy.content.disallowEval();
     //BrowserPolicy.content.allowInlineStyles();
     //BrowserPolicy.content.allowFontDataUrl();
-    BrowserPolicy.framing.restrictToOrigin(trusted);
+    ////BrowserPolicy.framing.restrictToOrigin(trusted);
     //BrowserPolicy.content.allowScriptOrigin(trusted);
   } else {
     // Disable browser policy and allow all framing and including.
     // Use only at internal LAN, not at Internet.
-    BrowserPolicy.framing.allowAll();
+    ////BrowserPolicy.framing.allowAll();
   }