Spaces:

BladeSzaSza
/

Immersive-Vibe-Development-Studio

Running

BolyosCsaba commited on 17 days ago

Commit

469018d

1 Parent(s): 2fa6c59

fix: use file-served iframe src instead of srcdoc

srcdoc iframes inherit parent CSP which blocks CDN scripts on HF Spaces.
Now writes studio HTML to sandbox_cache/studio_<hash>.html and loads it
via iframe src=/gradio_api/file=... (same origin, no CSP issues).

Files changed (2) hide show

.gitignore +1 -0
app.py +7 -5

.gitignore CHANGED Viewed

@@ -3,3 +3,4 @@ __pycache__/
 result/
 *.pyc
 .DS_Store

 result/
 *.pyc
 .DS_Store
+sandbox_cache/studio_*.html

app.py CHANGED Viewed

@@ -87,13 +87,15 @@ BRIDGE_JS = """
 def _wrap_in_iframe(studio_html: str) -> str:
-    """Wrap raw studio HTML in a sandboxed iframe via srcdoc."""
-    import html as html_mod
-    escaped = html_mod.escape(studio_html)
     return (
-        f'<iframe id="ivds-studio-iframe" srcdoc="{escaped}" '
         f'style="width:100%;height:600px;border:none;border-radius:8px;background:#1a1a2e" '
-        f'allow="autoplay" sandbox="allow-scripts allow-same-origin"></iframe>'
     )
 # ── Background temp-dir cleanup daemon ───────────────────────────────────────

 def _wrap_in_iframe(studio_html: str) -> str:
+    """Write studio HTML to a file and return an iframe loading it via src."""
+    import hashlib
+    key = hashlib.md5(studio_html[:200].encode()).hexdigest()[:8]
+    filename = f"sandbox_cache/studio_{key}.html"
+    Path(filename).write_text(studio_html)
     return (
+        f'<iframe id="ivds-studio-iframe" src="/gradio_api/file={filename}" '
         f'style="width:100%;height:600px;border:none;border-radius:8px;background:#1a1a2e" '
+        f'allow="autoplay"></iframe>'
     )
 # ── Background temp-dir cleanup daemon ───────────────────────────────────────