Space-Leaderboard

Running

App Files Files Community

seawolf2357 commited on Mar 12

Commit

f8b8ae4

verified ·

1 Parent(s): c3b008e

Update app.py

Browse files

Files changed (1) hide show

app.py +37 -3

app.py CHANGED Viewed

@@ -1,7 +1,38 @@
-from flask import Flask, render_template, request, redirect, url_for, jsonify, session
 import requests
 import os
 from datetime import timedelta
 app = Flask(__name__)
 app.secret_key = os.urandom(24)  # Session encryption key
@@ -599,6 +630,9 @@ if __name__ == '__main__':
       urls.forEach(item => {
         const { url, title } = item;
         // Create grid item
         const gridItem = document.createElement('div');
         gridItem.className = 'grid-item';
@@ -625,9 +659,9 @@ if __name__ == '__main__':
         const content = document.createElement('div');
         content.className = 'grid-content';
-        // Create iframe to display the actual content
         const iframe = document.createElement('iframe');
-        iframe.src = url;
         iframe.title = title;
         iframe.sandbox = 'allow-same-origin allow-scripts allow-popups allow-forms';
         iframe.allow = 'accelerometer; camera; encrypted-media; geolocation; gyroscope; microphone; midi';

+# Proxy route to bypass X-Frame-Options
+@app.route('/proxy/<path:url>')
+def proxy(url):
+    # Authorization header if user is logged in
+    headers = {}
+    if 'token' in session:
+        headers["Authorization"] = f"Bearer {session['token']}"
+    try:
+        # Parse URL to ensure it's safe
+        parsed_url = urlparse(url)
+        if not parsed_url.netloc.endswith('huggingface.co'):
+            return "Only Huggingface URLs are allowed", 403
+        # Make request to the target URL
+        response = requests.get(url, headers=headers, stream=True)
+        # Create response
+        resp = Response(
+            response.iter_content(chunk_size=10*1024),
+            content_type=response.headers.get('Content-Type')
+        )
+        # Remove headers that prevent iframe embedding
+        resp.headers.remove('X-Frame-Options')
+        resp.headers.remove('Content-Security-Policy')
+        return resp
+    except Exception as e:
+        print(f"Proxy error: {e}")
+        return f"Error: {str(e)}", 500from flask import Flask, render_template, request, redirect, url_for, jsonify, session, Response
 import requests
 import os
 from datetime import timedelta
+from urllib.parse import urlparse
 app = Flask(__name__)
 app.secret_key = os.urandom(24)  # Session encryption key
       urls.forEach(item => {
         const { url, title } = item;
+        // Create proxy URL
+        const proxyUrl = `/proxy/${encodeURIComponent(url)}`;
         // Create grid item
         const gridItem = document.createElement('div');
         gridItem.className = 'grid-item';
         const content = document.createElement('div');
         content.className = 'grid-content';
+        // Create iframe to display the actual content via proxy
         const iframe = document.createElement('iframe');
+        iframe.src = proxyUrl;
         iframe.title = title;
         iframe.sandbox = 'allow-same-origin allow-scripts allow-popups allow-forms';
         iframe.allow = 'accelerometer; camera; encrypted-media; geolocation; gyroscope; microphone; midi';