Skip to content

fix: add API domains to CSP connect-src#298

Merged
mokn merged 1 commit intomainfrom
fix/csp-allow-api-domains
Mar 26, 2026
Merged

fix: add API domains to CSP connect-src#298
mokn merged 1 commit intomainfrom
fix/csp-allow-api-domains

Conversation

@mokn
Copy link
Copy Markdown
Collaborator

@mokn mokn commented Mar 26, 2026

Summary

  • CSP connect-src was missing https://ud-api.vercel.app, blocking the metadata upload fetch during character creation with a TypeError: Failed to fetch
  • Broken since b023f40 (March 24) when CSP was added for Privy production upgrade
  • Adds both production (ud-api.vercel.app) and beta (ud-api-beta.vercel.app) API domains
  • Adds csp.test.ts regression test that validates all required external domains are in the CSP

Test plan

  • CSP test suite passes (9/9)
  • Verify character creation works on production after merge + deploy
  • Check browser console for CSP violations on character creation flow

🤖 Generated with Claude Code

@mokn @claude
fix: add API domains to CSP connect-src — unblocks character creation
686b1b5 
The CSP added in b023f40 (March 24) omitted ud-api.vercel.app from
connect-src, causing the browser to block metadata uploads during
character creation with a "Failed to fetch" TypeError. Adds both
production and beta API domains. Includes a regression test that
validates all required external domains are present in the CSP.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@vercel
Copy link
Copy Markdown

vercel bot commented Mar 26, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
blog Ready Ready Preview, Comment Mar 26, 2026 3:30pm
ud Error Error Mar 26, 2026 3:30pm
ud-api Error Error Mar 26, 2026 3:30pm
1 Skipped Deployment
Project Deployment Actions Updated (UTC)
ud-api-beta Ignored Ignored Mar 26, 2026 3:30pm

Request Review

@mokn mokn merged commit 3b30002 into main Mar 26, 2026
5 of 9 checks passed
@mokn mokn deleted the fix/csp-allow-api-domains branch March 26, 2026 15:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mokn