Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CPX-632: configure CSP frame-ancestors #56

Closed
wants to merge 1 commit into from
Closed

CPX-632: configure CSP frame-ancestors #56

wants to merge 1 commit into from

Conversation

adambilsing
Copy link
Contributor

@adambilsing adambilsing commented Sep 9, 2024
edited
Loading

What/Why?

Implement a content security policy where the frame-ancestors are configured with a wildcard to only be loaded within BigCommerce iframes..

Modify headers at the edge to incliude the content-security-policy header with frame-ancestors allowing the three bigcomemrce environments.

Rollout/Rollback

revert

Testing

Screenshot 2024-09-11 at 11 39 09 AM

@bigcommerce/team-data

@vercel Vercel
Copy link

vercel bot commented Sep 9, 2024
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
ai-app-foundation ✅ Ready (Inspect) Visit Preview 💬 Add feedback Sep 11, 2024 5:24pm

@adambilsing
Copy link
Contributor Author

confirmation:
Screenshot 2024-09-09 at 2 03 00 PM

@adambilsing adambilsing marked this pull request as ready for review September 9, 2024 19:09
@adambilsing adambilsing requested a review from a team as a code owner September 9, 2024 19:09
solofeed
solofeed approved these changes Sep 10, 2024
View reviewed changes
src/app/layout.tsx Outdated

const sourceSans = Source_Sans_3({
subsets: ['latin'],
weight: ['300', '400', '600', '700', '800'],
});

export const metadata: Metadata = { title: 'BigAI Copywriter' };
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there a reason we removing it?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@solofeed changed the approach to handle the headers in middleware.

@adambilsing adambilsing marked this pull request as draft September 10, 2024 18:19
@adambilsing adambilsing force-pushed the CPX-632b branch 2 times, most recently from af5d36f to 2ee4fe4 Compare September 10, 2024 18:35
@adambilsing adambilsing force-pushed the CPX-632b branch 2 times, most recently from 69c9fa1 to 03c81f5 Compare September 11, 2024 06:00
@adambilsing adambilsing marked this pull request as ready for review September 11, 2024 08:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@solofeed solofeed solofeed approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@adambilsing @solofeed