Update Dockerfile

Dockerfile

@@ -78,7 +78,7 @@ MIDDLEWARE = [\n\
     "django.middleware.csrf.CsrfViewMiddleware",\n\
     "django.contrib.auth.middleware.AuthenticationMiddleware",\n\
     "django.contrib.messages.middleware.MessageMiddleware",\n\
-    "django.middleware.clickjacking.XFrameOptionsMiddleware",\n\
+    # Removed XFrameOptionsMiddleware to allow iframe embedding\n\
 ]\n\
 \n\
 # Keep all apps installed to avoid model dependency issues\n\
@@ -126,6 +126,23 @@ LOGGING = {\n\
 # Create anonymous user middleware reference\n\
 MIDDLEWARE.insert(0, "vlamy_ocr.middleware.AnonymousUserMiddleware")\n\
 \n\
+# Settings for HuggingFace Spaces iframe embedding\n\
+X_FRAME_OPTIONS = "ALLOWALL"  # Allow iframe embedding\n\
+SECURE_CROSS_ORIGIN_OPENER_POLICY = None\n\
+SECURE_REFERRER_POLICY = "same-origin"\n\
+\n\
+# Additional security settings for iframe embedding\n\
+SECURE_CONTENT_TYPE_NOSNIFF = False\n\
+SECURE_BROWSER_XSS_FILTER = False\n\
+\n\
+# Allow HuggingFace Spaces in CSP\n\
+CSP_FRAME_ANCESTORS = ["*"]\n\
+CSP_DEFAULT_SRC = ["*"]\n\
+\n\
+# Disable Django security warnings for iframe embedding\n\
+import warnings\n\
+warnings.filterwarnings("ignore", module="django.security")\n\
+\n\
 ' > /app/vlamy_ocr/settings_no_auth.py
 
 # Create a custom URL configuration for no-auth mode