Hugging Face's logo

Spaces:
Agents-MCP-Hackathon
/
KnowledgeBridge
Sleeping

App Files Community
fazeel007 commited on
Commit
8a11413
·
1 Parent(s): 76dbde8

Fix CSP frame-ancestors for Hugging Face Spaces

Browse files

Allow the app to be framed by Hugging Face domains in production
to prevent CSP violations. This resolves the frame-ancestors
error in the browser console.

Files changed (1) hide show
  1. server/index.ts +3 -0
server/index.ts CHANGED
@@ -53,6 +53,9 @@ app.use(helmet({
53
  styleSrc: ["'self'", "'unsafe-inline'"],
54
  imgSrc: ["'self'", "data:", "https:"],
55
  connectSrc: ["'self'", "https://api.studio.nebius.ai", "https://api.github.com"],
 
 
 
56
  },
57
  },
58
  }));
 
53
  styleSrc: ["'self'", "'unsafe-inline'"],
54
  imgSrc: ["'self'", "data:", "https:"],
55
  connectSrc: ["'self'", "https://api.studio.nebius.ai", "https://api.github.com"],
56
+ frameAncestors: process.env.NODE_ENV === 'production'
57
+ ? ["'self'", "https://*.hf.space", "https://huggingface.co"]
58
+ : ["'self'"], // Allow HF domains in production
59
  },
60
  },
61
  }));