Hugging Face's logo

Spaces:
mishig
/
chat-ui
Running on CPU Upgrade

App Files Community
mishig HF Staff commited on
Commit
b868ae9
·
1 Parent(s): efbd4d0

fix: allow localhost in frame-ancestors for testing

Browse files
Files changed (2) hide show
  1. src/hooks.server.ts +7 -4
  2. svelte.config.js +2 -3
src/hooks.server.ts CHANGED
@@ -286,10 +286,13 @@ export const handle: Handle = async ({ event, resolve }) => {
286
 
287
  // Add CSP header to control iframe embedding
288
  if (config.ALLOW_IFRAME === "true") {
289
- const frameAncestors = ["'self'", "https://huggingface.co", "https://*.hf.space"];
290
- if (dev) {
291
- frameAncestors.push("http://localhost:*", "http://127.0.0.1:*");
292
- }
 
 
 
293
  response.headers.append(
294
  "Content-Security-Policy",
295
  `frame-ancestors ${frameAncestors.join(" ")};`
 
286
 
287
  // Add CSP header to control iframe embedding
288
  if (config.ALLOW_IFRAME === "true") {
289
+ const frameAncestors = [
290
+ "'self'",
291
+ "https://huggingface.co",
292
+ "https://*.hf.space",
293
+ "http://localhost:*",
294
+ "http://127.0.0.1:*",
295
+ ];
296
  response.headers.append(
297
  "Content-Security-Policy",
298
  `frame-ancestors ${frameAncestors.join(" ")};`
svelte.config.js CHANGED
@@ -43,9 +43,8 @@ const config = {
43
  "'self'",
44
  "https://huggingface.co",
45
  "https://*.hf.space",
46
- ...(process.env.NODE_ENV !== "production"
47
- ? ["http://localhost:*", "http://127.0.0.1:*"]
48
- : []),
49
  ]
50
  : ["'none'"],
51
  },
 
43
  "'self'",
44
  "https://huggingface.co",
45
  "https://*.hf.space",
46
+ "http://localhost:*",
47
+ "http://127.0.0.1:*",
 
48
  ]
49
  : ["'none'"],
50
  },