Merge pull request 'fix(preview): stop frame-policy conflicts and enforce canonical host' (#52) from fix/wagtail-preview-frame-policy into main

Reviewed-on: #52

deploy/caddy/nohype.caddy

@@ -1,9 +1,12 @@
-nohypeai.net, www.nohypeai.net {
+www.nohypeai.net {
+	redir https://nohypeai.net{uri} permanent
+}
+
+nohypeai.net {
 	encode gzip zstd
 
 	header {
 		X-Content-Type-Options nosniff
-    X-Frame-Options DENY
 		Referrer-Policy strict-origin-when-cross-origin
 		Permissions-Policy "geolocation=(), microphone=(), camera=()"
 		X-Forwarded-Proto https

deploy/entrypoint.prod.sh

@@ -7,11 +7,16 @@ python manage.py migrate --noinput
 python manage.py collectstatic --noinput
 python manage.py update_index
 
-# Set Wagtail site hostname from first entry in ALLOWED_HOSTS
+# Set Wagtail site hostname from WAGTAILADMIN_BASE_URL when available.
+# This keeps preview/page URLs on the same origin as the admin host.
 python manage.py shell -c "
 from wagtail.models import Site
 import os
-hostname = os.environ.get('ALLOWED_HOSTS', 'localhost').split(',')[0].strip()
+from urllib.parse import urlparse
+
+admin_base = os.environ.get('WAGTAILADMIN_BASE_URL', '').strip()
+parsed = urlparse(admin_base) if admin_base else None
+hostname = parsed.hostname if parsed and parsed.hostname else os.environ.get('ALLOWED_HOSTS', 'localhost').split(',')[0].strip()
 Site.objects.update(hostname=hostname, port=443, site_name='No Hype AI')
 "