fix(docs): exclude /docs from CSP that blocks Mintlify (#1750)

* fix(docs): exclude /docs from CSP header that blocks Mintlify scripts

The catch-all /(.*) header rule applied Content-Security-Policy with
SHA-based script-src to all routes including /docs/*. Mintlify generates
dozens of inline scripts that don't match those hashes, causing 71 CSP
errors and a completely blank docs page.

Fix: change catch-all to /((?!docs).*) so /docs paths inherit only
their own lightweight headers (nosniff, HSTS, referrer-policy).

* fix(tests): update deploy-config test for docs CSP exclusion

Test was looking for exact source '/(.*)', updated to match the new
'/((?!docs).*)' pattern that excludes /docs from the strict CSP.
Elie Habib
2026-03-17 11:26:25 +04:00
committed by GitHub
parent 4353c20637
commit a4e9e5e607
2 changed files with 2 additions and 2 deletions

@@ -63,7 +63,7 @@ describe('deploy/cache configuration guardrails', () => {
});
const getSecurityHeaders = () => {
const rule = vercelConfig.headers.find((entry) => entry.source === '/(.*)');
const rule = vercelConfig.headers.find((entry) => entry.source === '/((?!docs).*)');
return rule?.headers ?? [];
};
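Review bot: The lookahead in `entry.source === '/((?!docs).*)'` is a prefix match, so the strict-CSP rule now skips every path that begins with `/docs`, not only `/docs` and `/docs/*`. A route that merely shares the prefix (hypothetical examples: `/docs-old`, `/docstring`) would silently lose the Content-Security-Policy header. Consider bounding the exclusion to the `docs` path segment, requiring a `/` or end of path after `docs` if the header-matching syntax allows it, and adding an assertion in this test that a non-docs path sharing the prefix still receives the CSP. Separately, because the rule is located by exact source string, any later change to the pattern makes `rule?.headers ?? []` return an empty array; asserting that `rule` is defined before reading its headers would make that failure explicit instead of surfacing as a missing-header error further down.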