Try to be iframe friendly.

defaults/main.yml

@@ -26,6 +26,7 @@ inception_project_disable_crsf: True
 # In seconds
 inception_project_backup_keep_time: 0
 inception_pep: True
+inception_project_pep_allow_iframe: True
 inception_authz_audience_name: inception
 keycloak_auth_server: https://localhost
 #keycloak_auth_credentials_prod: 'use a vault file'

templates/nginx.default.conf.j2

@@ -23,12 +23,17 @@ server {
   proxy_set_header Connection $connection_upgrade;
 {% endif %}
 
+{% if inception_project_pep_allow_iframe %}
+  proxy_hide_header X-Frame-Options;
+  add_header X-Frame-Options "";
+{% endif %}
+  proxy_buffering off; # Required for HTTP-based CLI to work over SSL
+  # Required for new HTTP-based CLI
+  proxy_request_buffering off;
+
   location /wicket/resource/ {
     proxy_set_header Host $host;
     proxy_set_header X-Real-IP $remote_addr;
-    # Required for new HTTP-based CLI
-    proxy_request_buffering off;
-    proxy_buffering off; # Required for HTTP-based CLI to work over SSL
     proxy_set_header Connection ""; # Clear for keepalive
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header X-Forwarded-Host $host;
@@ -44,8 +49,6 @@ server {
   location /telemetry.html {
     proxy_set_header Host $host;
     proxy_set_header X-Real-IP $remote_addr;
-    # Required for new HTTP-based CLI
-    proxy_request_buffering off;
     proxy_buffering off; # Required for HTTP-based CLI to work over SSL
     proxy_set_header Connection ""; # Clear for keepalive
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -62,9 +65,6 @@ server {
   location ~ /telemetry.html.* {
     proxy_set_header Host $host;
     proxy_set_header X-Real-IP $remote_addr;
-    # Required for new HTTP-based CLI
-    proxy_request_buffering off;
-    proxy_buffering off; # Required for HTTP-based CLI to work over SSL
     proxy_set_header Connection ""; # Clear for keepalive
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header X-Forwarded-Host $host;
@@ -80,9 +80,6 @@ server {
   location /projects.html {
     proxy_set_header Host $host;
     proxy_set_header X-Real-IP $remote_addr;
-    # Required for new HTTP-based CLI
-    proxy_request_buffering off;
-    proxy_buffering off; # Required for HTTP-based CLI to work over SSL
     proxy_set_header Connection ""; # Clear for keepalive
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header X-Forwarded-Host $host;
@@ -98,9 +95,6 @@ server {
   location ~ /projects.html.* {
     proxy_set_header Host $host;
     proxy_set_header X-Real-IP $remote_addr;
-    # Required for new HTTP-based CLI
-    proxy_request_buffering off;
-    proxy_buffering off; # Required for HTTP-based CLI to work over SSL
     proxy_set_header Connection ""; # Clear for keepalive
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header X-Forwarded-Host $host;
@@ -113,13 +107,9 @@ server {
     proxy_pass http://_inception-server;
   }
 
-
   location /users.html {
     proxy_set_header Host $host;
     proxy_set_header X-Real-IP $remote_addr;
-    # Required for new HTTP-based CLI
-    proxy_request_buffering off;
-    proxy_buffering off; # Required for HTTP-based CLI to work over SSL
     proxy_set_header Connection ""; # Clear for keepalive
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header X-Forwarded-Host $host;
@@ -135,9 +125,6 @@ server {
   location ~ /users.html.* {
     proxy_set_header Host $host;
     proxy_set_header X-Real-IP $remote_addr;
-    # Required for new HTTP-based CLI
-    proxy_request_buffering off;
-    proxy_buffering off; # Required for HTTP-based CLI to work over SSL
     proxy_set_header Connection ""; # Clear for keepalive
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header X-Forwarded-Host $host;
@@ -153,9 +140,6 @@ server {
   location ~ /de\.tudarmstadt\.ukp\.inception.* {
     proxy_set_header Host $host;
     proxy_set_header X-Real-IP $remote_addr;
-    # Required for new HTTP-based CLI
-    proxy_request_buffering off;
-    proxy_buffering off; # Required for HTTP-based CLI to work over SSL
     proxy_set_header Connection ""; # Clear for keepalive
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header X-Forwarded-Host $host;
@@ -171,9 +155,6 @@ server {
   location /p/ {
     proxy_set_header Host $host;
     proxy_set_header X-Real-IP $remote_addr;
-    # Required for new HTTP-based CLI
-    proxy_request_buffering off;
-    proxy_buffering off; # Required for HTTP-based CLI to work over SSL
     proxy_set_header Connection ""; # Clear for keepalive
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header X-Forwarded-Host $host;
@@ -189,9 +170,6 @@ server {
   location /manage/ {
     proxy_set_header Host $host;
     proxy_set_header X-Real-IP $remote_addr;
-    # Required for new HTTP-based CLI
-    proxy_request_buffering off;
-    proxy_buffering off; # Required for HTTP-based CLI to work over SSL
     proxy_set_header Connection ""; # Clear for keepalive
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header X-Forwarded-Host $host;
@@ -207,9 +185,6 @@ server {
   location /admin/ {
     proxy_set_header Host $host;
     proxy_set_header X-Real-IP $remote_addr;
-    # Required for new HTTP-based CLI
-    proxy_request_buffering off;
-    proxy_buffering off; # Required for HTTP-based CLI to work over SSL
     proxy_set_header Connection ""; # Clear for keepalive
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header X-Forwarded-Host $host;
@@ -225,9 +200,6 @@ server {
   location /favicon.ico {
     proxy_set_header Host $host;
     proxy_set_header X-Real-IP $remote_addr;
-    # Required for new HTTP-based CLI
-    proxy_request_buffering off;
-    proxy_buffering off; # Required for HTTP-based CLI to work over SSL
     proxy_set_header Connection ""; # Clear for keepalive
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header X-Forwarded-Host $host;
@@ -243,9 +215,6 @@ server {
   location /favicon.png {
     proxy_set_header Host $host;
     proxy_set_header X-Real-IP $remote_addr;
-    # Required for new HTTP-based CLI
-    proxy_request_buffering off;
-    proxy_buffering off; # Required for HTTP-based CLI to work over SSL
     proxy_set_header Connection ""; # Clear for keepalive
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header X-Forwarded-Host $host;
@@ -261,9 +230,6 @@ server {
   location /spinner.gif {
     proxy_set_header Host $host;
     proxy_set_header X-Real-IP $remote_addr;
-    # Required for new HTTP-based CLI
-    proxy_request_buffering off;
-    proxy_buffering off; # Required for HTTP-based CLI to work over SSL
     proxy_set_header Connection ""; # Clear for keepalive
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header X-Forwarded-Host $host;
@@ -279,9 +245,6 @@ server {
   location /images/ {
     proxy_set_header Host $host;
     proxy_set_header X-Real-IP $remote_addr;
-    # Required for new HTTP-based CLI
-    proxy_request_buffering off;
-    proxy_buffering off; # Required for HTTP-based CLI to work over SSL
     proxy_set_header Connection ""; # Clear for keepalive
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header X-Forwarded-Host $host;
@@ -301,9 +264,6 @@ server {
   location @backend {
     proxy_set_header Host $host;
     proxy_set_header X-Real-IP $remote_addr;
-    # Required for new HTTP-based CLI
-    proxy_request_buffering off;
-    proxy_buffering off; # Required for HTTP-based CLI to work over SSL
     proxy_set_header Connection ""; # Clear for keepalive
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header X-Forwarded-Host $host;