Fix HF connect error: explicitly set app_port and relax helmet security for iframes
- README.md +1 -0
- server/src/index.js +14 -3
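--- a/README.md
+++ b/README.md
@@ -4,6 +4,7 @@ emoji: 🕸️
 colorFrom: red
 colorTo: purple
 sdk: docker
+app_port: 7860
 pinned: false
 ---
 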
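--- a/server/src/index.js
+++ b/server/src/index.js
@@ -14,10 +14,21 @@ const path = require('path');
 
 const app = express();
 
-// Security Middleware
-app.use(helmet(
+// Security Middleware (Relaxed for Hugging Face Iframe)
+app.use(helmet({
+contentSecurityPolicy: {
+directives: {
+...helmet.contentSecurityPolicy.getDefaultDirectives(),
+"frame-ancestors": ["'self'", "https://huggingface.co", "https://*.hf.space"],
+"script-src": ["'self'", "'unsafe-inline'"],
+"img-src": ["'self'", "data:", "https:"]
+},
+},
+frameguard: false // Required for HF Spaces to work inside its iframe
+}));
+
 app.use(cors({
-origin:
+origin: '*', // Allow all origins in production for the Space
 methods: ['GET', 'POST']
 }));
 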
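Review bot: The new `"script-src": ["'self'", "'unsafe-inline'"]` directive turns off CSP's protection against injected inline script for every response, which goes beyond what iframe embedding needs; of the visible changes, only `frame-ancestors` and `frameguard: false` relate to framing. If the front end depends on inline scripts, moving them into files served from `'self'` or issuing a per-response nonce would let the default `script-src` stay in place. In `frame-ancestors`, `https://*.hf.space` lets any Space frame this app, so naming only this Space's own host would narrow the clickjacking surface. `origin: '*'` lets any site read the GET/POST responses cross-origin; if the API is not meant to be public, an allow-list such as `origin: ['https://huggingface.co', 'https://<this-space-host>.hf.space']` (placeholder host) keeps CORS in line with the framing policy.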