admin/goodgo-platform
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: Web CSP — add api.goodgo.vn to connect-src
Some checks failed
CI / Lint → Typecheck → Test → Build (22) (push) Failing after 13s
Details
CI / E2E Tests (push) Has been skipped
Details
Deploy / Build API Image (push) Failing after 22s
Details
Deploy / Build Web Image (push) Failing after 10s
Details
Deploy / Build AI Services Image (push) Failing after 9s
Details
E2E Tests / Playwright E2E (push) Failing after 15s
Details
Deploy / Deploy to Staging (push) Has been skipped
Details
Deploy / Smoke Test Staging (push) Has been skipped
Details
Deploy / Deploy to Production (push) Has been skipped
Details
Deploy / Smoke Test Production (push) Has been skipped
Details
Deploy / Rollback Staging (push) Has been skipped
Details
Deploy / Rollback Production (push) Has been skipped
Details

Browse Source 
Content-Security-Policy connect-src only allowed 'self' + mapbox in
production, blocking all browser fetch to api.goodgo.vn. Added
NEXT_PUBLIC_API_URL to connect-src whitelist.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Ho Ngoc Hai
2026-04-15 00:25:54 +07:00
parent a394bb3139
commit f9c23a5173
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
apps/web/next.config.js
View File

@@ -43,7 +43,7 @@ const nextConfig = {
"style-src 'self' 'unsafe-inline' https://api.mapbox.com",
"img-src 'self' data: blob: https://*.mapbox.com https://*.tiles.mapbox.com https:",
"font-src 'self' data:",
`connect-src 'self' https://*.mapbox.com https://api.mapbox.com https://events.mapbox.com${process.env.NODE_ENV !== 'production' ? ' http://localhost:3001 http://localhost:3011' : ''}`,
`connect-src 'self' https://*.mapbox.com https://api.mapbox.com https://events.mapbox.com ${process.env.NEXT_PUBLIC_API_URL || 'https://api.goodgo.vn'}${process.env.NODE_ENV !== 'production' ? ' http://localhost:3001 http://localhost:3011' : ''}`,
"worker-src 'self' blob:",
"child-src 'self' blob:",
"frame-ancestors 'none'",