Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: csp support for turbo and add environment type #269

Merged
merged 2 commits into from
Oct 24, 2024
Merged

chore: csp support for turbo and add environment type #269

merged 2 commits into from
Oct 24, 2024

Conversation

stefl
Copy link
Contributor

@stefl stefl commented Oct 24, 2024
edited
Loading

Description

  • Alters the CSP header generation to support Turbo by using UUID instead of the crypto library (it has trouble with it)
  • Adds a stricter definition of the environment name to save us getting mixed up between "prd" and "production"
  • Fixes a bug that I think is in production right now
  • Adds support for skipping the frame rules so that mobile tests run in dev

@vercel Vercel
Copy link

vercel bot commented Oct 24, 2024
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
oak-ai-lesson-assistant ✅ Ready (Inspect) Visit Preview 💬 Add feedback Oct 24, 2024 3:47pm

@stefl stefl changed the title chore: csp support for turbo chore: csp support for turbo and add environment type Oct 24, 2024
@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

@github-actions GitHub Actions
Copy link

Playwright test results

passed  13 passed
skipped  1 skipped

Details

report  Open report ↗︎
stats  14 tests across 13 suites
duration  1 minute, 30 seconds
commit  14be650

Skipped tests

No persona › tests/auth.test.ts › authenticate through Clerk UI

@stefl stefl requested a review from a team October 24, 2024 16:39
codeincontext
codeincontext approved these changes Oct 24, 2024
View reviewed changes
apps/nextjs/src/middlewares/csp.ts
// Use uuid library to generate a random value
return uuidv4();
}
return uuidv4();
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The uuid package says "Cryptographically-strong random values", but it would still sit slightly better with me if there was a way to keep using crypto in production. This feels like a bit of a downgrade, but I don't think it would matter in practicality

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've since discovered "node:crypto" so perhaps we merge this and then investigate that?

@stefl stefl merged commit 70131a3 into main Oct 24, 2024
15 checks passed
@stefl stefl deleted the chore/csp_config branch October 24, 2024 23:09
@mikeritson-oak mikeritson-oak mentioned this pull request Oct 28, 2024
Merged
@oak-machine-user
Copy link
Collaborator

🎉 This PR is included in version 1.12.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@codeincontext codeincontext codeincontext approved these changes

Assignees
No one assigned
Labels
released
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@stefl @oak-machine-user @codeincontext