Skip to content

Commit 363b18d

Browse files
committed
style: drop inline comment from proxy CSP fix
1 parent 27e3cf8 commit 363b18d

1 file changed

Lines changed: 0 additions & 6 deletions

File tree

apps/sim/proxy.ts

Lines changed: 0 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -283,12 +283,6 @@ export async function proxy(request: NextRequest) {
283283
const response = NextResponse.next()
284284
response.headers.set('Vary', 'User-Agent')
285285

286-
// Every remaining matched route (landing/marketing pages, /demo, /pricing, etc.)
287-
// needs the runtime CSP, not next.config.ts's build-time policy — the build-time
288-
// policy bakes `isHosted` from whatever NEXT_PUBLIC_APP_URL was available at
289-
// build/boot time, which silently drops the googletagmanager.com/google-analytics.com
290-
// allowlist entries when that value wasn't resolved yet. Previously only '/' got this
291-
// override, so GTM/GA loaded on the homepage but was CSP-blocked everywhere else.
292286
response.headers.set('Content-Security-Policy', generateRuntimeCSP())
293287
response.headers.set('X-Content-Type-Options', 'nosniff')
294288
response.headers.set('X-Frame-Options', 'SAMEORIGIN')

0 commit comments

Comments
 (0)