Update security settings to allow embedding in Discord

Modify vercel.json to adjust X-Frame-Options and Content-Security-Policy headers, specifically allowing activity embeds in Discord while maintaining security for other routes.

Replit-Commit-Author: Agent
Replit-Commit-Session-Id: 9203795e-937a-4306-b81d-b4d5c78c240e
Replit-Commit-Checkpoint-Type: full_checkpoint
Replit-Commit-Event-Id: 6ab6c801-e467-479e-99c4-239cb17db3d0
Replit-Commit-Screenshot-Url: https://storage.googleapis.com/screenshot-production-us-central1/7c94b7a0-29c7-4f2e-94ef-44b2153872b7/9203795e-937a-4306-b81d-b4d5c78c240e/qPXTzuE
Replit-Helium-Checkpoint-Created: true
sirpiglr 2025-12-08 01:34:25 +00:00
parent 312072a869
commit c8a812d9ca


@ -135,7 +135,6 @@
{
"source": "/activity(.*)",
"headers": [
{ "key": "X-Frame-Options", "value": "ALLOWALL" },
{ "key": "X-Content-Type-Options", "value": "nosniff" },
{
"key": "Referrer-Policy",
@ -148,7 +147,7 @@
]
},
{
"source": "/(.*)",
"source": "/:path((?!activity).*)",
"headers": [
{ "key": "X-Frame-Options", "value": "DENY" },
{ "key": "X-Content-Type-Options", "value": "nosniff" },
@ -162,7 +161,7 @@
},
{
"key": "Content-Security-Policy",
"value": "default-src 'self' https: data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss:; frame-ancestors 'self' https://discord.com https://*.discord.com"
"value": "default-src 'self' https: data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss:; frame-ancestors 'none'"
}
]
}
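Review bot: The new catch-all source `/:path((?!activity).*)` in the second hunk excludes every path that merely begins with `activity`, and `/activity(.*)` matches the same prefix. A route such as `/activity-log` would therefore lose `X-Frame-Options: DENY` and `frame-ancestors 'none'` and fall under the relaxed framing policy. Anchoring both patterns on a segment boundary would limit the exemption to the activity route itself, for example `"source": "/activity(/.*)?"` and `"source": "/:path((?!activity(?:/|$)).*)"`; these should be checked against Vercel's path matcher before merging. The first hunk appears to drop `X-Frame-Options` from the `/activity` block, so framing there now depends only on that block's Content-Security-Policy, which is not visible in these hunks. That block should carry an explicit `frame-ancestors` allowlist for the Discord origins, because without one the route can be framed by any site.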