abhisonu01 commited on
Commit
3182d4e
·
verified ·
1 Parent(s): b931709

Upload app.py with huggingface_hub

Files changed (1) hide show
  1. app.py +2 -2
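--- a/app.py
+++ b/app.py
@@ -55,8 +55,8 @@ def apply_security_headers(response):
  response.headers['Strict-Transport-Security'] = 'max-age=31536000; includeSubDomains'
  response.headers['X-Content-Type-Options'] = 'nosniff'
  response.headers['X-XSS-Protection'] = '1; mode=block'
- # Allow framing from truelens.surge.sh by omitting X-Frame-Options DENY
- response.headers['Content-Security-Policy'] = "default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; img-src 'self' data: blob:; connect-src 'self'; frame-ancestors 'self' https://truelens.surge.sh;"
+ # Allow framing from Hugging Face & Surge, and allow external fonts/styles
+ response.headers['Content-Security-Policy'] = "default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://fonts.googleapis.com https://fonts.gstatic.com; img-src 'self' data: blob:; connect-src 'self' https://huggingface.co; frame-ancestors 'self' https://truelens.surge.sh https://huggingface.co;"
  response.headers['Referrer-Policy'] = 'strict-origin-when-cross-origin'
 
  # Absolute zero-caching for inference results to maintain privacy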
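Review bot: The new Content-Security-Policy line adds `https://fonts.googleapis.com https://fonts.gstatic.com` to `default-src`, and since `default-src` is the fallback for `script-src` as well as `style-src` and `font-src`, both font origins become permitted script sources alongside the already-present `'unsafe-inline' 'unsafe-eval'`, which is broader than the comment's "external fonts/styles" intent. Scoping the font origins to the directives that actually need them keeps the script allowlist as it was before this commit: `"default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: blob:; connect-src 'self' https://huggingface.co; frame-ancestors 'self' https://truelens.surge.sh https://huggingface.co;"`. The removed comment was the only place noting that X-Frame-Options is deliberately not set, so the new comment should carry that over, e.g. `# frame-ancestors is the sole framing control here (X-Frame-Options intentionally omitted); keep it in sync with the embedding hosts`. Whether `https://huggingface.co` is the origin that actually embeds this app cannot be confirmed from the hunk and is worth verifying against the real iframe parent. `apply_security_headers` starts and ends outside the hunk.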