From d91828dd904baa2cb3d3ec1dd4cb893ecf968e9b Mon Sep 17 00:00:00 2001
From: Joel
Date: Sun, 27 Apr 2025 14:21:27 +0800
Subject: [PATCH] chore: support other webapps embedded in iframe (#18877)
---
 web/middleware.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/web/middleware.ts b/web/middleware.ts
index e3c82fc6e5..7eb5f37f21 100644
--- a/web/middleware.ts
+++ b/web/middleware.ts
@@ -6,7 +6,7 @@ const NECESSARY_DOMAIN = '*.sentry.io http://localhost:* http://127.0.0.1:* http
 const wrapResponseWithXFrameOptions = (response: NextResponse, pathname: string) => {
 // prevent clickjacking: https://owasp.org/www-community/attacks/Clickjacking
 // Chatbot page should be allowed to be embedded in iframe. It's a feature
- if (process.env.NEXT_PUBLIC_ALLOW_EMBED !== 'true' && !pathname.startsWith('/chat'))
+ if (process.env.NEXT_PUBLIC_ALLOW_EMBED !== 'true' && !pathname.startsWith('/chat') && !pathname.startsWith('/workflow') && !pathname.startsWith('/completion'))
 response.headers.set('X-Frame-Options', 'DENY')

 return response
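Review bot: The new exemptions on the added `if` line are bare `startsWith` prefixes, so any present or future route whose path merely begins with `/workflow` or `/completion` (a hypothetical `/workflows` page, say) is also served without `X-Frame-Options: DENY` and loses its clickjacking protection. Matching an explicit list on a segment boundary keeps the exemption to the shared web apps: `const EMBEDDABLE = ['/chat', '/workflow', '/completion']` and `const embeddable = EMBEDDABLE.some(p => pathname === p || pathname.startsWith(p + '/'))`. The existing `/chat` prefix may be what covers a `/chatbot` route (the comment mentions the chatbot page), so add that entry explicitly if it is. The comment above the condition still names only the chatbot page and should mention the workflow and completion apps. The end of `wrapResponseWithXFrameOptions` lies outside the hunk.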