nsarrazin HF Staff commited on
Commit
40d5d77
·
1 Parent(s): ff0caae

fix(csp): ALLOW_IFRAME works on builds

Files changed (1) hide show
  1. src/hooks.server.ts +5 -0
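--- a/src/hooks.server.ts
+++ b/src/hooks.server.ts
@@ -289,5 +289,10 @@ export const handle: Handle = async ({ event, resolve }) => {
  },
  });
 
+ // Add CSP header to disallow framing if ALLOW_IFRAME is not "true"
+ if (env.ALLOW_IFRAME !== "true") {
+ response.headers.append("Content-Security-Policy", "frame-ancestors 'none';");
+ }
+
  return response;
  };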
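Review bot: The `frame-ancestors 'none'` policy is attached only to the response that reaches this final `return response;`, so any earlier `return` inside `handle` would send a framable response even with ALLOW_IFRAME unset. The function starts outside this hunk, so I cannot confirm whether such paths exist. If they do, route every return through one helper that applies the header. Inside the `if`, consider adding `response.headers.set("X-Frame-Options", "DENY");` as a fallback for clients that do not honour `frame-ancestors`. A short comment should also record that `append` is deliberate (an extra CSP policy can only tighten one already on the response, whereas `set` would replace it) and that the exact-string comparison fails closed for values such as "True" or "1".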