Spaces:
Running
Running
File size: 1,507 Bytes
40855ff 3f47fb5 40855ff 3f47fb5 40855ff 3f47fb5 40855ff 3f47fb5 40855ff 3f47fb5 40855ff | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 | /**
* iframe-fix.cjs — Node.js preload script
*
* Intercepts OpenClaw's HTTP server to:
* 1. Allow iframe embedding (strip X-Frame-Options, fix CSP)
*/
"use strict";
const http = require("http");
const origEmit = http.Server.prototype.emit;
http.Server.prototype.emit = function (event, ...args) {
if (event === "request") {
const [, res] = args;
// Only intercept on the main OpenClaw server (port 7860)
const serverPort = this.address && this.address() && this.address().port;
if (serverPort && serverPort !== 7860) {
return origEmit.apply(this, [event, ...args]);
}
// Fix iframe embedding — must be applied BEFORE any early returns
const origWriteHead = res.writeHead;
res.writeHead = function (statusCode, ...whArgs) {
if (res.getHeader) {
// Strip X-Frame-Options so it can load in a Hugging Face Space iframe
res.removeHeader("x-frame-options");
// Update Content-Security-Policy if it contains frame-ancestors 'none'
const csp = res.getHeader("content-security-policy");
if (csp && typeof csp === "string") {
res.setHeader(
"content-security-policy",
csp.replace(
/frame-ancestors\s+'none'/i,
"frame-ancestors 'self' https://huggingface.co https://*.hf.space",
),
);
}
}
return origWriteHead.apply(this, [statusCode, ...whArgs]);
};
}
return origEmit.apply(this, [event, ...args]);
};
|