Removed browser contect policy so that attachments would be visible.

Thanks to xet7 !

Fixes #4468

server/policy.js

@@ -1,12 +1,16 @@
-import { BrowserPolicy } from 'meteor/browser-policy-common';
+//import { BrowserPolicy } from 'meteor/browser-policy-common';
 
 Meteor.startup(() => {
-
+/*
   // Default allowed
   BrowserPolicy.content.allowInlineScripts();
   BrowserPolicy.content.allowEval();
   BrowserPolicy.content.allowInlineStyles();
-  BrowserPolicy.content.allowSameOriginForAll();
+  BrowserPolicy.content.allowOriginForAll('*');
+  // Allow all images from anywhere
+  BrowserPolicy.content.allowImageOrigin('*');
+  BrowserPolicy.content.allowDataUrlForAll();
+*/
 
   if (process.env.BROWSER_POLICY_ENABLED === 'true') {
     // Trusted URL that can embed Wekan in iFrame.
@@ -23,11 +27,8 @@ Meteor.startup(() => {
     // Disable browser policy and allow all framing and including.
     // Use only at internal LAN, not at Internet.
     BrowserPolicy.framing.allowAll();
-    //BrowserPolicy.content.allowDataUrlForAll();
   }
 
-  // Allow all images from anywhere
-  //BrowserPolicy.content.allowImageOrigin('*');
 
   // If Matomo URL is set, allow it.
   const matomoUrl = process.env.MATOMO_ADDRESS;