fix: improve csp headers #2553

Merged: mburri merged 6 commits into main from fix/csp-headers on May 11, 2026

mburri commented May 1, 2026

Improve CSP Headers

  • Vercel-related URLs are only included for actual Vercel deployments
  • removed policy for https://cdn.jsdelivr.net that is actually unused
  • improved CSP header for iframe embedding:
    • only certain paths should be embeddable:
      • /embed/abc/
      • /preview
      • /api/embed-aem-ext/en/xyz
    • other routes like /, /create/new/ and (even if not applicable here) /sign-in should not be allowed to be embedded in iframes
    • note: this was previously covered (in parts) with the customized CSP header in /app/pages/embed/[chartId].tsx
  • This PR also removes the Google Analytics integration
  • I added a CHANGELOG entry
  • I made a self-review of my own code
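
Added example, not code from this PR or the project: one way to express the rules in the description above as a per-request policy builder. The function names, the source lists, the wildcard frame-ancestors value for embeddable routes and the https://vercel.live origin are assumptions; only the path examples come from the description.

```javascript
// Path shapes taken from the PR description; the regexes themselves are assumptions.
const EMBEDDABLE = [
  /^\/embed\/[^/]+\/?$/,                      // /embed/abc/
  /^\/preview\/?$/,                           // /preview
  /^\/api\/embed-aem-ext\/[^/]+\/[^/]+\/?$/,  // /api/embed-aem-ext/en/xyz
];

// Assumed Vercel origin; the PR does not list which URLs it gates.
const VERCEL_SOURCES = ["https://vercel.live"];

function isEmbeddable(pathname) {
  // Resolve dot segments first so "/embed/../sign-in" is judged as "/sign-in".
  const normalized = new URL("http://placeholder.invalid" + pathname).pathname;
  return EMBEDDABLE.some((re) => re.test(normalized));
}

function buildCsp(pathname, { isVercel = false } = {}) {
  const directives = {
    "default-src": ["'self'"],
    // Vercel origins are added only when the deployment really runs on Vercel.
    "script-src": ["'self'", ...(isVercel ? VERCEL_SOURCES : [])],
    // frame-ancestors does not fall back to default-src, so it is set on
    // every response: open for embed routes (assumption), closed elsewhere.
    "frame-ancestors": isEmbeddable(pathname) ? ["*"] : ["'none'"],
  };
  return Object.entries(directives)
    .map(([name, values]) => `${name} ${values.join(" ")}`)
    .join("; ");
}

// Constructed sample requests. Vercel sets VERCEL=1 in its deployments.
const onVercel = process.env.VERCEL === "1";
for (const path of ["/embed/abc/", "/preview", "/sign-in", "/embed/../sign-in"]) {
  console.log(path, "->", buildCsp(path, { isVercel: onVercel }));
}
```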

vercel Bot commented May 1, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

Project | Deployment | Actions | Updated (UTC)
visualization-tool | Ready | Preview, Comment | May 11, 2026 3:32pm

Comment thread yarn.lock
source-map "^0.5.0"

"@babel/core@^7.0.0", "@babel/core@^7.10.5", "@babel/core@^7.12.3", "@babel/core@^7.12.9", "@babel/core@^7.18.9", "@babel/core@^7.21.0", "@babel/core@^7.23.0", "@babel/core@^7.24.4", "@babel/core@^7.26.10", "@babel/core@^7.7.7":
"@babel/core@7.12.9", "@babel/core@^7.0.0", "@babel/core@^7.10.5", "@babel/core@^7.12.3", "@babel/core@^7.12.9", "@babel/core@^7.14.6", "@babel/core@^7.18.9", "@babel/core@^7.21.0", "@babel/core@^7.23.0", "@babel/core@^7.24.4", "@babel/core@^7.26.10", "@babel/core@^7.7.7":

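Review bot: the second @babel/core key in this yarn.lock hunk carries two specifiers the first does not, the exact pin @babel/core@7.12.9 and the range @babel/core@^7.14.6, and nothing in the PR description (CSP header changes, Google Analytics removal) accounts for them. Please name the package.json change that introduced these specifiers, or drop the lockfile change from this PR if it came from an unrelated install, so the dependency diff stays reviewable.
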
Why did the lockfile change?

mburri merged commit f34caa9 into main on May 11, 2026
12 checks passed
mburri deleted the fix/csp-headers branch on May 11, 2026 15:39