From 80cc9a5fe5e090ada9e502ef62619477ea815bb2 Mon Sep 17 00:00:00 2001
From: "Builder.io" <builder-bot@builder.io>
Date: Wed, 5 Nov 2025 20:18:11 +0000
Subject: [PATCH] Add headers to allow Discord iframe embedding

cgen-2b1ba4a135b64d0b862ed3289277fdb6
---
 server/index.ts | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/server/index.ts b/server/index.ts
index 96b8c3e7..37583932 100644
--- a/server/index.ts
+++ b/server/index.ts
@@ -93,6 +93,17 @@ export function createServer() {
   // Middleware
   app.use(cors());
 
+  // Allow Discord to embed the activity in iframes
+  app.use((req, res, next) => {
+    // Allow embedding in iframes (Discord Activities need this)
+    res.setHeader("X-Frame-Options", "ALLOWALL");
+    // Allow Discord to access the iframe
+    res.setHeader("Access-Control-Allow-Origin", "*");
+    res.setHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
+    res.setHeader("Access-Control-Allow-Headers", "Content-Type, Authorization, x-signature-ed25519, x-signature-timestamp");
+    next();
+  });
+
   // Discord endpoint needs raw body for signature verification
   app.post(
     "/api/discord/interactions",