
fix(security): CSP report-only and security headers#424

Merged
gabitoesmiapodo merged 4 commits into feat/ai-integration from fix/security
Mar 30, 2026
Merged

fix(security): CSP report-only and security headers#424
gabitoesmiapodo merged 4 commits intofeat/ai-integrationfrom
fix/security

Conversation

@gabitoesmiapodo
Collaborator

Summary

  • Add Content-Security-Policy-Report-Only header via vercel.json to capture violations without breaking the app
  • Add X-Content-Type-Options, X-Frame-Options, Referrer-Policy headers

Test plan

  • pnpm test passes
  • Deploy preview and check response headers contain CSP-Report-Only
  • Monitor CSP report endpoint for violations before switching to enforced mode
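The three steps of the test plan (ship the headers, verify them on the preview, triage reports before enforcing) as one added example. This is illustrative code, not dappbooster's vercel.json or any file from this PR: the policy directives, the `/api/csp-report` endpoint and the sample violation reports are all assumed or constructed, since the page does not show the actual policy.

```javascript
// Added example (not the project's code). Assumed baseline policy; the PR's
// real directives are not visible on the page.
const CSP_REPORT_ONLY =
  "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; " +
  "img-src 'self' data: https:; connect-src 'self' https:; " +
  "frame-ancestors 'none'; report-uri /api/csp-report";

// Shape of a vercel.json "headers" entry that applies to every route.
const VERCEL_HEADERS = [
  {
    source: "/(.*)",
    headers: [
      { key: "Content-Security-Policy-Report-Only", value: CSP_REPORT_ONLY },
      { key: "X-Content-Type-Options", value: "nosniff" },
      { key: "X-Frame-Options", value: "DENY" },
      { key: "Referrer-Policy", value: "strict-origin-when-cross-origin" },
    ],
  },
];

// Step 2 of the test plan: check a response's headers. `headers` is a plain
// object keyed by lowercased header name (what Headers.entries() yields).
// Returns a list of problems; an empty list means the deployment is correct.
function checkSecurityHeaders(headers) {
  const expected = {
    "x-content-type-options": (v) => v.toLowerCase() === "nosniff",
    "x-frame-options": (v) => ["deny", "sameorigin"].includes(v.toLowerCase()),
    "referrer-policy": (v) => v.trim().length > 0,
    // A report-only policy with no report-uri/report-to never tells you anything.
    "content-security-policy-report-only": (v) =>
      /(^|;)\s*report-(uri|to)\s+\S/i.test(v),
  };
  const problems = [];
  for (const [name, ok] of Object.entries(expected)) {
    const value = headers[name];
    if (value === undefined) problems.push(`missing ${name}`);
    else if (!ok(value)) problems.push(`bad value for ${name}: ${value}`);
  }
  return problems;
}

// Step 3: aggregate report-uri JSON bodies (one object per POST) into
// directive -> blocked origin -> count, so each entry is a decision:
// allow-list the origin, fix the page, or accept the block.
function triageCspReports(reports) {
  const summary = {};
  for (const r of reports) {
    const body = r["csp-report"];
    if (!body) continue;
    const directive = body["effective-directive"] || body["violated-directive"];
    let origin = body["blocked-uri"];
    try {
      origin = new URL(origin).origin; // collapse individual URLs to their origin
    } catch {
      // "inline", "eval", "data" are not URLs and are kept verbatim
    }
    summary[directive] ??= {};
    summary[directive][origin] = (summary[directive][origin] || 0) + 1;
  }
  return summary;
}

// Once reports are clean, the same value ships under the enforcing name.
function toEnforced(entries) {
  return entries.map((e) => ({
    ...e,
    headers: e.headers.map((h) =>
      h.key === "Content-Security-Policy-Report-Only"
        ? { ...h, key: "Content-Security-Policy" }
        : h,
    ),
  }));
}

// Constructed sample data standing in for a preview deployment's response
// and for POSTs received at the assumed report endpoint.
const SAMPLE_HEADERS = Object.fromEntries(
  VERCEL_HEADERS[0].headers.map((h) => [h.key.toLowerCase(), h.value]),
);
const SAMPLE_REPORTS = [
  { "csp-report": { "effective-directive": "script-src", "blocked-uri": "https://cdn.example.com/lib.js" } },
  { "csp-report": { "effective-directive": "script-src", "blocked-uri": "https://cdn.example.com/other.js" } },
  { "csp-report": { "effective-directive": "style-src", "blocked-uri": "inline" } },
];

// Live check against a real preview URL (network; not run by default).
async function checkPreview(url) {
  const res = await fetch(url, { redirect: "manual" });
  return checkSecurityHeaders(Object.fromEntries(res.headers.entries()));
}

console.log("header problems:", checkSecurityHeaders(SAMPLE_HEADERS));
console.log("violations by directive:", triageCspReports(SAMPLE_REPORTS));
```

Note that `X-Frame-Options` and the CSP `frame-ancestors` directive overlap; once the policy is enforced, `frame-ancestors` takes precedence in browsers that support it, so keep both values consistent (`DENY` with `'none'`, `SAMEORIGIN` with `'self'`).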

Copilot AI review requested due to automatic review settings March 23, 2026 21:45
@vercel

vercel bot commented Mar 23, 2026

The latest updates on your projects.

Project                | Deployment | Actions          | Updated (UTC)
components.dappbooster | Ready      | Preview, Comment | Mar 30, 2026 7:03pm
demo.dappbooster       | Ready      | Preview          | Mar 30, 2026 7:03pm
docs.dappbooster       | Ready      | Preview, Comment | Mar 30, 2026 7:03pm

Contributor

Copilot AI left a comment


Pull request overview

Adds security-related response headers at the Vercel edge to begin monitoring Content Security Policy violations (in Report-Only mode) and to set several baseline hardening headers for all routes.

Changes:

  • Configure Content-Security-Policy-Report-Only for all paths via vercel.json.
  • Add X-Content-Type-Options, X-Frame-Options, and Referrer-Policy headers globally.


Contributor

Copilot AI left a comment


Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated no new comments.



- Add Content-Security-Policy-Report-Only via vercel.json headers
  to capture violations without breaking existing functionality
- Add X-Content-Type-Options, X-Frame-Options, and Referrer-Policy headers
@gabitoesmiapodo gabitoesmiapodo self-assigned this Mar 30, 2026