AI/dify
1
0
Fork 0
mirror of https://git.mirrors.martin98.com/https://github.com/langgenius/dify.git synced 2025-08-14 19:26:02 +08:00
Code Issues Packages Projects Releases Wiki Activity

chore: support other webapps embedded in iframe (#18877)

Browse Source
This commit is contained in:
Joel 2025-04-27 14:21:27 +08:00 committed by GitHub
parent 19f2a74ba8
commit d91828dd90
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
web/middleware.ts
View File

@ -6,7 +6,7 @@ const NECESSARY_DOMAIN = '*.sentry.io http://localhost:* http://127.0.0.1:* http
const wrapResponseWithXFrameOptions = (response: NextResponse, pathname: string) => { const wrapResponseWithXFrameOptions = (response: NextResponse, pathname: string) => {
// prevent clickjacking: https://owasp.org/www-community/attacks/Clickjacking // prevent clickjacking: https://owasp.org/www-community/attacks/Clickjacking
// Chatbot page should be allowed to be embedded in iframe. It's a feature // Chatbot page should be allowed to be embedded in iframe. It's a feature
if (process.env.NEXT_PUBLIC_ALLOW_EMBED !== 'true' && !pathname.startsWith('/chat')) if (process.env.NEXT_PUBLIC_ALLOW_EMBED !== 'true' && !pathname.startsWith('/chat') && !pathname.startsWith('/workflow') && !pathname.startsWith('/completion'))
response.headers.set('X-Frame-Options', 'DENY') response.headers.set('X-Frame-Options', 'DENY')
return response return response