Spaces:
Sleeping
Sleeping
deploy: labeling server
Browse files- src/aamcq/annotation/api.py +11 -0
src/aamcq/annotation/api.py
CHANGED
|
@@ -80,6 +80,17 @@ def create_app(
|
|
| 80 |
app.state.max_labels_per_annotator = max_labels_per_annotator
|
| 81 |
app.state.access_password = access_password
|
| 82 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 83 |
def get_conn() -> sqlite3.Connection:
|
| 84 |
return app.state.conn
|
| 85 |
|
|
|
|
| 80 |
app.state.max_labels_per_annotator = max_labels_per_annotator
|
| 81 |
app.state.access_password = access_password
|
| 82 |
|
| 83 |
+
@app.middleware("http")
|
| 84 |
+
async def _deny_framing(request, call_next):
|
| 85 |
+
# Block any browser from rendering us inside an iframe. The HF
|
| 86 |
+
# Spaces outer page (huggingface.co/spaces/...) embeds us that
|
| 87 |
+
# way and its script-load cycle double-fires our password
|
| 88 |
+
# prompt. Users should visit the direct *.hf.space URL instead.
|
| 89 |
+
response = await call_next(request)
|
| 90 |
+
response.headers["X-Frame-Options"] = "DENY"
|
| 91 |
+
response.headers["Content-Security-Policy"] = "frame-ancestors 'none'"
|
| 92 |
+
return response
|
| 93 |
+
|
| 94 |
def get_conn() -> sqlite3.Connection:
|
| 95 |
return app.state.conn
|
| 96 |
|