/**
 * iframe-fix.cjs — Node.js preload script
 *
 * Intercepts OpenClaw's HTTP server to:
 * 1. Allow iframe embedding (strip X-Frame-Options, fix CSP)
 */
'use strict';

const http = require('http');

console.log('[iframe-fix] Initialized: Allowing iframe embedding for *.hf.space and huggingface.co');

const origEmit = http.Server.prototype.emit;

http.Server.prototype.emit = function (event, ...args) {
  if (event === 'request') {
    const [, res] = args;

    // Only intercept on the main OpenClaw server (port 7860)
    const serverPort = this.address && this.address() && this.address().port;
    if (serverPort && serverPort !== 7860) {
      return origEmit.apply(this, [event, ...args]);
    }

    // Fix iframe embedding — must be applied BEFORE any early returns
    const origWriteHead = res.writeHead;
    res.writeHead = function (statusCode, ...whArgs) {
      if (res.getHeader) {
        // Strip X-Frame-Options so it can load in a Hugging Face Space iframe
        res.removeHeader('x-frame-options');
        
        // Update Content-Security-Policy if it contains frame-ancestors 'none'
        const csp = res.getHeader('content-security-policy');
        if (csp && typeof csp === 'string') {
          res.setHeader('content-security-policy',
            csp.replace(/frame-ancestors\s+'none'/i,
              "frame-ancestors 'self' https://huggingface.co https://*.hf.space"));
        }
      }
      return origWriteHead.apply(this, [statusCode, ...whArgs]);
    };
  }

  return origEmit.apply(this, [event, ...args]);
};