fix(qa): resolve remaining console errors & network errors on main routes (TEC-3079)

- fix(web): add ws:// to CSP connect-src for Socket.IO WebSocket connections - fix(web): guard priceChangePct?.d7 / priceChangePct?.d30 against null in KpiStrip - fix(api): add web-vitals POST to CSRF exclusion in both app.module and shared.module - fix(api): use controller-relative path (web-vitals) not prefixed path for NestJS .exclude() Result: 0 console errors, 0 network 4xx/5xx on /, /login, /register, /search Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-21 16:48:01 +07:00
parent 08b96f9c2d
commit 566ad75c0e
4 changed files with 7 additions and 3 deletions
--- a/apps/web/next.config.js
+++ b/apps/web/next.config.js
@@ -43,7 +43,7 @@ const nextConfig = {
              "style-src 'self' 'unsafe-inline' https://api.mapbox.com",
              "img-src 'self' data: blob: https://*.mapbox.com https://*.tiles.mapbox.com https:",
              "font-src 'self' data:",
-              `connect-src 'self' https://*.mapbox.com https://api.mapbox.com https://events.mapbox.com https://api.goodgo.vn${process.env.NODE_ENV !== 'production' ? ' http://localhost:3001 http://localhost:3011 http://localhost:9000' : ''}`,
+              `connect-src 'self' https://*.mapbox.com https://api.mapbox.com https://events.mapbox.com https://api.goodgo.vn${process.env.NODE_ENV !== 'production' ? ' http://localhost:3001 http://localhost:3011 http://localhost:9000 ws://localhost:3001 ws://localhost:3011' : ''}`,
              "worker-src 'self' blob:",
              "child-src 'self' blob:",
              "frame-ancestors 'none'",