feat: CPX-632 add CSP with frame-ancestors #57

adambilsing · 2024-09-11T17:25:51Z

What/Why?

Implement a content security policy where the frame-ancestors are configured with a wildcard to only be loaded within BigCommerce iframes..

Modify headers at the edge to incliude the content-security-policy header with frame-ancestors allowing the three bigcomemrce environments.

revert

@bigcommerce/team-data

vercel · 2024-09-11T17:25:54Z

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
ai-app-foundation	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Sep 11, 2024 5:48pm

adambilsing requested a review from a team as a code owner September 11, 2024 17:25

adambilsing requested review from bc-evan-johnson and a team September 11, 2024 17:26

adambilsing force-pushed the CPX-632c branch 2 times, most recently from 34649b5 to da1f46d Compare September 11, 2024 17:27

adambilsing changed the title ~~feat: CPX-632 add CSP with explicit frame-ancestors~~ feat: CPX-632 add CSP with frame-ancestors Sep 11, 2024

vercel bot deployed to Preview September 11, 2024 17:30 View deployment

chanceaclark approved these changes Sep 11, 2024

View reviewed changes

adambilsing force-pushed the CPX-632c branch from da1f46d to af278d0 Compare September 11, 2024 17:39

vercel bot deployed to Preview September 11, 2024 17:40 View deployment

BC-KCarr approved these changes Sep 11, 2024

View reviewed changes

feat: CPX-632 add CSP with frame-ancestors

1e08475

adambilsing force-pushed the CPX-632c branch from af278d0 to 1e08475 Compare September 11, 2024 17:46

vercel bot deployed to Preview September 11, 2024 17:48 View deployment

bc-evan-johnson approved these changes Sep 11, 2024

View reviewed changes

adambilsing merged commit c3d47a4 into main Sep 11, 2024
3 checks passed