feat: embed signing experience (#1322)

2025-11-15 09:12:02 +10:00 · 2024-09-04 23:13:00 +10:00
parent 3657050b02
commit a1a8a174bf
39 changed files with 2090 additions and 75 deletions
--- a/apps/web/src/middleware.ts
+++ b/apps/web/src/middleware.ts
@ -76,6 +76,20 @@ async function middleware(req: NextRequest): Promise<NextResponse> {
    return response;
  }

+  if (req.nextUrl.pathname.startsWith('/embed')) {
+    const res = NextResponse.next();
+
+    // Allow third parties to iframe the document.
+    res.headers.set('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
+    res.headers.set('Access-Control-Allow-Origin', '*');
+    res.headers.set('Content-Security-Policy', "frame-ancestors *");
+    res.headers.set('Referrer-Policy', 'strict-origin-when-cross-origin');
+    res.headers.set('X-Content-Type-Options', 'nosniff');
+    res.headers.set('X-Frame-Options', 'ALLOW-ALL');
+
+    return res;
+  }
+
  return NextResponse.next();
 }