Spaces:
Running
Running
| /** | |
| * iframe-fix.cjs — Node.js preload script | |
| * | |
| * Intercepts OpenClaw's HTTP server to: | |
| * 1. Allow iframe embedding (strip X-Frame-Options, fix CSP) | |
| */ | |
| ; | |
| const http = require("http"); | |
| const origEmit = http.Server.prototype.emit; | |
| http.Server.prototype.emit = function (event, ...args) { | |
| if (event === "request") { | |
| const [, res] = args; | |
| // Only intercept on the main OpenClaw server (port 7860) | |
| const serverPort = this.address && this.address() && this.address().port; | |
| if (serverPort && serverPort !== 7860) { | |
| return origEmit.apply(this, [event, ...args]); | |
| } | |
| // Fix iframe embedding — must be applied BEFORE any early returns | |
| const origWriteHead = res.writeHead; | |
| res.writeHead = function (statusCode, ...whArgs) { | |
| if (res.getHeader) { | |
| // Strip X-Frame-Options so it can load in a Hugging Face Space iframe | |
| res.removeHeader("x-frame-options"); | |
| // Update Content-Security-Policy if it contains frame-ancestors 'none' | |
| const csp = res.getHeader("content-security-policy"); | |
| if (csp && typeof csp === "string") { | |
| res.setHeader( | |
| "content-security-policy", | |
| csp.replace( | |
| /frame-ancestors\s+'none'/i, | |
| "frame-ancestors 'self' https://huggingface.co https://*.hf.space", | |
| ), | |
| ); | |
| } | |
| } | |
| return origWriteHead.apply(this, [statusCode, ...whArgs]); | |
| }; | |
| } | |
| return origEmit.apply(this, [event, ...args]); | |
| }; | |