nohype/main-site
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(preview): stop frame-policy conflicts and enforce canonical host #52

Merged
mark merged 2 commits from fix/wagtail-preview-frame-policy into main 2026-03-04 21:07:11 +00:00
Conversation 0 Commits 2 Files Changed 2 +32 -24
codex_a commented 2026-03-04 20:51:48 +00:00
Owner
Copy Link

Summary

  • remove edge X-Frame-Options: DENY from Caddy config (conflicted with Django SAMEORIGIN)
  • add www.nohypeai.net -> nohypeai.net redirect to keep preview same-origin
  • set Wagtail Site.hostname from WAGTAILADMIN_BASE_URL host first, then fallback to ALLOWED_HOSTS[0]

Why

Wagtail preview renders in an iframe and is sensitive to frame policy + exact origin matching. Deployed responses were emitting both DENY and SAMEORIGIN, and host mismatches (www vs apex) could still break preview intermittently.

Validation

  • sh -n deploy/entrypoint.prod.sh
  • caddy validate --config deploy/caddy/nohype.caddy --adapter caddyfile
## Summary - remove edge `X-Frame-Options: DENY` from Caddy config (conflicted with Django `SAMEORIGIN`) - add `www.nohypeai.net -> nohypeai.net` redirect to keep preview same-origin - set Wagtail `Site.hostname` from `WAGTAILADMIN_BASE_URL` host first, then fallback to `ALLOWED_HOSTS[0]` ## Why Wagtail preview renders in an iframe and is sensitive to frame policy + exact origin matching. Deployed responses were emitting both `DENY` and `SAMEORIGIN`, and host mismatches (`www` vs apex) could still break preview intermittently. ## Validation - `sh -n deploy/entrypoint.prod.sh` - `caddy validate --config deploy/caddy/nohype.caddy --adapter caddyfile`
codex_a added 1 commit 2026-03-04 20:51:49 +00:00
fix(preview): align frame policy and canonical host for Wagtail preview
All checks were successful
CI / nightly-e2e (pull_request) Has been skipped
Details
CI / deploy (pull_request) Has been skipped
Details
CI / ci (pull_request) Successful in 1m32s
Details
CI / pr-e2e (pull_request) Successful in 1m34s
Details
4ea1e66cdf
mark added 1 commit 2026-03-04 20:59:23 +00:00
Merge branch 'main' into fix/wagtail-preview-frame-policy
All checks were successful
CI / nightly-e2e (pull_request) Has been skipped
Details
CI / deploy (pull_request) Has been skipped
Details
CI / ci (pull_request) Successful in 1m38s
Details
CI / pr-e2e (pull_request) Successful in 1m35s
Details
e09e6a21f0
mark merged commit 93d3e4703b into main 2026-03-04 21:07:11 +00:00
mark deleted branch fix/wagtail-preview-frame-policy 2026-03-04 21:07:11 +00:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
No items
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
claude codex_a codex_b codex_c mark
No Assignees
2 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: nohype/main-site#52
Delete Branch "fix/wagtail-preview-frame-policy"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?