Vercel config #1

Merged
merged 1 commit into from
May 28, 2025

@fewensa fewensa commented May 28, 2025

No description provided.

---
Commit: ea0eb4e
Preview: https://degov-docs-jramrlonl-itering.vercel.app

@fewensa fewensa requested a review from Copilot May 28, 2025 02:20

@Copilot Copilot AI left a comment

Pull Request Overview

This PR adds a Vercel configuration file to inject security headers across all routes.

  • Defines a catch-all route to apply headers globally
  • Adds common security headers: X-Content-Type-Options, Referrer-Policy, X-Frame-Options, and Strict-Transport-Security

},
{
"key": "Strict-Transport-Security",
"value": "max-age=2592000"
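Review bot: `"value": "max-age=2592000"` on the Strict-Transport-Security entry is a 30-day policy with no includeSubDomains, so the HTTPS-only pin covers only the exact host and expires a month after a visitor's last response. If the short lifetime is a deliberate ramp-up, say so in the PR description and schedule the increase; if preloading is intended, the value needs includeSubDomains and preload with a max-age of at least 31536000, which is the hstspreload.org submission minimum.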

Copilot AI May 28, 2025

The Strict-Transport-Security header should include includeSubDomains and preload directives and consider a longer max-age (e.g., >= 6 months) to meet recommended HSTS best practices.

Suggested change
"value": "max-age=2592000"
"value": "max-age=15768000; includeSubDomains; preload"

@@ -0,0 +1,25 @@
{
"headers": [

Copilot AI May 28, 2025

[nitpick] Consider adding a Content-Security-Policy header to define allowed sources and help mitigate cross-site scripting (XSS) risks.

@boundless-forest boundless-forest merged commit 03f367f into main May 28, 2025
1 check passed
@fewensa fewensa deleted the feature-ci branch May 28, 2025 02:31
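
An added example (not code from this PR or its repository): a small Node.js check of a vercel.json header block against the points raised in the review above, including the HSTS lifetime and preload conditions. The `/(.*)` catch-all source, the non-HSTS header values and the thresholds are assumptions of the example; 31536000 is the hstspreload.org submission minimum.

```javascript
// Thresholds are assumptions of this example, not project policy.
const SIX_MONTHS = 15768000;  // max-age from the review suggestion
const PRELOAD_MIN = 31536000; // minimum max-age accepted by hstspreload.org

// Parse a Strict-Transport-Security value into its directives.
function parseHsts(value) {
  const out = { maxAge: null, includeSubDomains: false, preload: false };
  for (const part of value.split(";")) {
    const [name, raw = ""] = part.trim().split("=");
    const key = name.trim().toLowerCase(); // directive names are case-insensitive
    if (key === "max-age" && /^"?\d+"?$/.test(raw.trim())) {
      out.maxAge = Number(raw.replace(/"/g, ""));
    } else if (key === "includesubdomains") out.includeSubDomains = true;
    else if (key === "preload") out.preload = true;
  }
  return out;
}

// Audit a parsed vercel.json; returns an array of finding strings.
function auditVercelConfig(config) {
  const required = ["x-content-type-options", "referrer-policy",
    "x-frame-options", "strict-transport-security"];
  // Assumption: "/(.*)" is the catch-all source; other rules are ignored.
  const seen = new Map();
  for (const rule of config.headers || []) {
    if (rule.source !== "/(.*)") continue;
    for (const h of rule.headers || []) seen.set(h.key.toLowerCase(), h.value);
  }
  const findings = required.filter(n => !seen.has(n)).map(n => `missing ${n}`);
  if (!seen.has("strict-transport-security")) return findings;
  const hsts = parseHsts(seen.get("strict-transport-security"));
  if (hsts.maxAge === null) findings.push("hsts: no valid max-age");
  else if (hsts.maxAge < SIX_MONTHS) findings.push(`hsts: max-age ${hsts.maxAge} is under ${SIX_MONTHS}`);
  if (!hsts.includeSubDomains) findings.push("hsts: includeSubDomains not set");
  if (hsts.preload && (hsts.maxAge < PRELOAD_MIN || !hsts.includeSubDomains))
    findings.push("hsts: preload set but preload-list requirements not met");
  return findings;
}

// Constructed sample config; only the HSTS value is taken from the PR.
function sampleConfig(hstsValue) {
  return { headers: [{ source: "/(.*)", headers: [
    { key: "X-Content-Type-Options", value: "nosniff" },
    { key: "Referrer-Policy", value: "strict-origin-when-cross-origin" },
    { key: "X-Frame-Options", value: "DENY" },
    { key: "Strict-Transport-Security", value: hstsValue },
  ] }] };
}
console.log(auditVercelConfig(sampleConfig("max-age=2592000")));
```

Run against the value in the suggested change, the check reports only the preload finding, because 15768000 is below the preload list's one-year minimum.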