From f1dc12565a5d5e9673c0faf35f9eed35ca61add7 Mon Sep 17 00:00:00 2001
From: sirpiglr <49359077-sirpiglr@users.noreply.replit.com>
Date: Mon, 8 Dec 2025 01:24:50 +0000
Subject: [PATCH] Allow embedding of application activity within iframes

Add explicit X-Frame-Options: ALLOWALL header for the /activity route in vercel.json.

Replit-Commit-Author: Agent
Replit-Commit-Session-Id: 9203795e-937a-4306-b81d-b4d5c78c240e
Replit-Commit-Checkpoint-Type: full_checkpoint
Replit-Commit-Event-Id: 33fd5360-4898-4766-9f76-bb81abbaf519
Replit-Commit-Screenshot-Url: https://storage.googleapis.com/screenshot-production-us-central1/7c94b7a0-29c7-4f2e-94ef-44b2153872b7/9203795e-937a-4306-b81d-b4d5c78c240e/qPXTzuE
Replit-Helium-Checkpoint-Created: true
---
 vercel.json | 1 +
 1 file changed, 1 insertion(+)

diff --git a/vercel.json b/vercel.json
index bf9eeec6..37eaaec7 100644
--- a/vercel.json
+++ b/vercel.json
@@ -135,6 +135,7 @@
     {
       "source": "/activity(.*)",
       "headers": [
+        { "key": "X-Frame-Options", "value": "ALLOWALL" },
         { "key": "X-Content-Type-Options", "value": "nosniff" },
         {
           "key": "Referrer-Policy",