
Hi Figma team,

I'm building a product that provides user research and prototype testing capabilities to our customers. A key feature of our product is a widget that can be embedded on our customers' websites, allowing them to collect user feedback on Figma prototypes directly within their own domains.

Current Challenge:
- We use Figma's Embed Kit 2.0 to display prototypes within our widget
- The frame-ancestors CSP restriction requires pre-registering all domains where the prototype will be embedded
- Our widget can be embedded on any customer domain, making it impractical to manually register each domain

What we're looking for:
1. An API endpoint to programmatically manage allowed origins for embeds
2. OR a way to dynamically validate embed origins through our Figma OAuth integration
3. OR alternative approaches that would support our use case of embedding prototypes within a widget on customer domains

Current workarounds we've considered:
- Proxy approach (blocked by CSP)
- Manual domain registration (not scalable for our use case)

Technical context:
- Using Embed Kit 2.0
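
Added example, not part of the original post and not Figma code: a simplified model of how a browser checks `frame-ancestors` against every ancestor of an embedded frame, which is why each customer domain hosting the widget has to appear in the allowed list. All origins and the policy string are constructed; the matcher handles only `'self'`, scheme-sources and host-sources without paths.

```javascript
// Simplified frame-ancestors matcher (added example, constructed data).
const DEFAULT_PORT = { 'http:': '80', 'https:': '443' };

// CSP scheme matching: exact match, or an http source matching an https URL.
const schemeMatch = (want, got) => want === got || (want === 'http:' && got === 'https:');

// Does one source expression match one ancestor URL?
function sourceMatches(expr, ancestor, selfOrigin) {
  const url = new URL(ancestor);
  if (expr === "'self'") return url.origin === selfOrigin;
  if (/^[a-z][a-z0-9+.-]*:$/i.test(expr)) return schemeMatch(expr.toLowerCase(), url.protocol);
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*|(?:\*\.)?[a-z0-9.-]+)(?::(\d+|\*))?$/i.exec(expr);
  if (!m) return false; // 'none' and anything unparsable match nothing
  // A source without a scheme is compared against the embedded page's scheme.
  const scheme = m[1] ? m[1].toLowerCase() + ':' : new URL(selfOrigin).protocol;
  const srcHost = m[2].toLowerCase();
  const port = m[3] || null;
  const hostOk = srcHost === '*' ||
    (srcHost.startsWith('*.')
      ? url.hostname.endsWith(srcHost.slice(1)) // "*.a.example" matches "x.a.example", not "a.example"
      : url.hostname === srcHost);
  const portOk = port === '*' ||
    (port === null ? url.port === '' : port === (url.port || DEFAULT_PORT[url.protocol]));
  return schemeMatch(scheme, url.protocol) && hostOk && portOk;
}

// Returns the first ancestor that no source expression matches, or null when
// the embed is allowed. EVERY ancestor up to the top-level page is checked,
// so a registered wrapper frame does not cover the page that hosts it.
function firstBlockedAncestor(policy, ancestorChain, selfOrigin) {
  const sources = policy.trim().split(/\s+/);
  const blocked = ancestorChain.find(a => !sources.some(s => sourceMatches(s, a, selfOrigin)));
  return blocked === undefined ? null : blocked;
}

// Constructed values: none of these origins or this policy come from Figma.
const EMBED_ORIGIN = 'https://embed-host.example';
const POLICY = 'https://widget.example https://*.registered-customer.example';
const CHAINS = { // nearest parent first, top-level page last
  widgetOnly: ['https://widget.example/demo'],
  registeredCustomer: ['https://widget.example/frame', 'https://www.registered-customer.example/pricing'],
  unregisteredCustomer: ['https://widget.example/frame', 'https://shop.unregistered.example/'],
  registeredApex: ['https://widget.example/frame', 'https://registered-customer.example/'],
};

for (const [name, chain] of Object.entries(CHAINS)) {
  console.log(name, '->', firstBlockedAncestor(POLICY, chain, EMBED_ORIGIN) || 'allowed');
}
```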
