diff --git a/apps/embed-iframe-mainnet/vercel.json b/apps/embed-iframe-mainnet/vercel.json
index f228932342..9fdb55644d 100644
--- a/apps/embed-iframe-mainnet/vercel.json
+++ b/apps/embed-iframe-mainnet/vercel.json
@@ -8,7 +8,7 @@
       "headers": [
         {
           "key": "Content-Security-Policy",
-          "value": "default-src 'self'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com; script-src 'self'; object-src 'none'; connect-src 'self' https://umamiwallet.com https://www.googleapis.com https://graph.facebook.com https://kukai.eu.auth0.com https://fnd.web3auth.io https://*.node.web3auth.io https://*.tor.us https://mainnet.ecadinfra.com https://api.tzkt.io https://vitals.vercel-insights.com; img-src 'self' data:; frame-ancestors 'self' https://kanvas-poa.vercel.app https://kanvas-poa-git-poa-release-trili-tech.vercel.app"
+          "value": "default-src 'self'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com; script-src 'self'; object-src 'none'; connect-src 'self' https://umamiwallet.com https://www.googleapis.com https://graph.facebook.com https://kukai.eu.auth0.com https://fnd.web3auth.io https://*.node.web3auth.io https://*.tor.us https://mainnet.ecadinfra.com https://api.tzkt.io https://vitals.vercel-insights.com; img-src 'self' data:; frame-ancestors 'self' https://kanvas-poa.vercel.app https://kanvas-poa-git-poa-release-trili-tech.vercel.app http://localhost:3000"
         }
       ]
     }
diff --git a/apps/embed-iframe/src/ClientsPermissions.ts b/apps/embed-iframe/src/ClientsPermissions.ts
index 45cd697ce7..6751416b4d 100644
--- a/apps/embed-iframe/src/ClientsPermissions.ts
+++ b/apps/embed-iframe/src/ClientsPermissions.ts
@@ -23,7 +23,15 @@ const clientPermissions: Record<string, Permissions> = {
     operations: false,
     signPayload: false,
   },
-};
+  test: {
+    origins: [
+      "http://localhost:3000",
+    ],
+    login: true,
+    operations: true,
+    signPayload: true,
+  },
+}
 
 export const getPermissionsForOrigin = (origin: string): Permissions | null => {
   for (const key in clientPermissions) {