2024-10-08T21-49-00Z

embed-hf-space.html

@@ -0,0 +1,11 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Embed HF Space</title>
+</head>
+<body>
+    <iframe src="https://tddschn-mq-quiz.hf.space/" width="100%" height="100%" style="border:none;"></iframe>
+</body>
+</html>

src/quizsite/middleware.py

@@ -0,0 +1,12 @@
+from django.http import HttpResponse
+
+
+class CSPMiddleware:
+    def __init__(self, get_response):
+        self.get_response = get_response
+
+    def __call__(self, request):
+        response = self.get_response(request)
+        response["Content-Security-Policy"] = "frame-ancestors 'self' https://*.huggingface.com https://*.teddysc.me;"
+        response["X-Frame-Options"] = "ALLOW-FROM https://*.huggingface.com https://*.teddysc.me"
+        return response

src/quizsite/settings.py

@@ -181,3 +181,24 @@ STATIC_ROOT = os.path.join(BASE_DIR, "staticfiles")
 # https://docs.djangoproject.com/en/4.1/ref/settings/#default-auto-field
 
 DEFAULT_AUTO_FIELD = "django.db.models.BigAutoField"
+
+ALLOWED_HOSTS = [
+    "localhost",
+    "mq-django-quiz-app.vercel.app",
+    "mq-quiz.teddysc.me",
+    "teddysc.me",
+    "g.teddysc.me",
+    "tddschn-mq-quiz.hf.space",
+    "huggingface.com",  # Add this line
+]
+
+CSRF_TRUSTED_ORIGINS = [
+    "http://localhost:8000",
+    "https://mq-django-quiz-app.vercel.app",
+    "https://mq-quiz.teddysc.me",
+    "https://teddysc.me",
+    "https://tddschn-mq-quiz.hf.space",
+    "http://tddschn-mq-quiz.hf.space",
+    "https://*.teddysc.me",  # Add this line
+    "https://*.huggingface.com",  # Add this line
+]