fix login
Build & Deploy / Build & Push Docker Image (push) Failing after 48s
Build & Deploy / Deploy to VPS (push) Has been skipped
Test / API Unit Tests (push) Failing after 5m2s
Test / Marketplace Unit Tests (push) Failing after 4m56s
Test / Admin Unit Tests (push) Successful in 9m36s
Test / Dashboard Unit Tests (push) Successful in 9m37s
Test / API Integration Tests (push) Successful in 9m54s

This commit is contained in:
root
2026-06-27 00:55:55 -04:00
parent 0f083d8e5d
commit ab03ee3a4d
2 changed files with 27 additions and 3 deletions
+17 -1
View File
@@ -19,9 +19,25 @@ function applySecurityHeaders(response: NextResponse, contentSecurityPolicy: str
return response;
}
function resolveApiOrigin(): string | undefined {
const origins = new Set<string>();
const urls = [process.env.API_INTERNAL_URL, process.env.NEXT_PUBLIC_API_URL];
for (const url of urls) {
if (!url) continue;
try {
origins.add(new URL(url).origin);
} catch {
// ignore malformed URLs
}
}
return origins.size > 0 ? Array.from(origins).join(' ') : undefined;
}
export function proxy(request: NextRequest): NextResponse {
const nonce = createNonce();
const csp = buildContentSecurityPolicy(nonce, process.env.NODE_ENV !== 'production');
const isDev = process.env.NODE_ENV !== 'production';
const apiOrigin = resolveApiOrigin();
const csp = buildContentSecurityPolicy(nonce, isDev, apiOrigin);
const requestHeaders = new Headers(request.headers);
requestHeaders.set('x-nonce', nonce);
requestHeaders.set('Content-Security-Policy', csp);