| from django.http import HttpResponse | |
| class CSPMiddleware: | |
| def __init__(self, get_response): | |
| self.get_response = get_response | |
| def __call__(self, request): | |
| response = self.get_response(request) | |
| response["Content-Security-Policy"] = "frame-ancestors 'self' https://*.huggingface.com https://*.teddysc.me;" | |
| response["X-Frame-Options"] = "ALLOW-FROM https://*.huggingface.com https://*.teddysc.me" | |
| return response | |