This commit is contained in:
dekun
2026-05-30 12:08:56 +08:00
parent 61c4d54305
commit acbd9576bc
6 changed files with 174 additions and 9 deletions
+29
View File
@@ -108,9 +108,38 @@ def install_on_app(
"meta_fn": meta_fn,
"views": views,
}
install_hub_embed_headers(app)
register_hub_routes(app)
def install_hub_embed_headers(app):
"""允许复盘中控 iframe 内嵌打开本实例(须与 hub 的 HUB_EMBED_ORIGINS 或域名一致)。"""
import os
allowed = (os.getenv("APP_ALLOW_HUB_EMBED") or "true").strip().lower() in (
"1",
"true",
"yes",
"on",
)
if not allowed:
return
origins = (
(os.getenv("HUB_EMBED_PARENT_ORIGINS") or os.getenv("HUB_EMBED_ORIGINS") or "*")
.strip()
)
@app.after_request
def _hub_embed_frame_headers(response):
if origins == "*":
response.headers["Content-Security-Policy"] = "frame-ancestors *"
else:
response.headers["Content-Security-Policy"] = (
f"frame-ancestors 'self' {origins}"
)
return response
def register_hub_routes(app):
auth_disabled = False
try: