patillacode/dropit
patillacode/dropit
1
0
Fork 0
Code Issues Pull requests Projects Releases 7 Packages 1 Wiki Activity Actions

feat: serve user pages on per-page subdomains for origin isolation #2

Merged
patillacode merged 8 commits from fix/subdomain-isolation-security-headers into main 2026-05-28 17:51:58 +02:00
Conversation 0 Commits 8 Files changed 12 +96 -29
patillacode commented 2026-05-28 16:49:10 +02:00
Owner
Copy link

Uploaded HTML now served at {page_id}.{CONTENT_DOMAIN} instead of /p/{page_id} on the app origin, preventing token theft via localStorage.
Adds security headers middleware for app routes and content headers (noindex, no-store) on served pages.
Adds --proxy-headers to uvicorn.

Uploaded HTML now served at `{page_id}.{CONTENT_DOMAIN}` instead of `/p/{page_id}` on the app origin, preventing token theft via localStorage. Adds security headers middleware for app routes and content headers (`noindex`, `no-store`) on served pages. Adds `--proxy-headers` to uvicorn.
feat: serve user pages on per-page subdomains for origin isolation
All checks were successful
CI / test (pull_request) Successful in 59s
Details
b1210109b7 
Uploaded HTML now served at {page_id}.{CONTENT_DOMAIN} instead of
/p/{page_id} on the app origin, preventing token theft via localStorage.
Adds security headers middleware for app routes and content headers
(noindex, no-store) on served pages. Adds --proxy-headers to uvicorn.
feat: serve user pages on per-page subdomains for origin isolation
All checks were successful
CI / test (pull_request) Successful in 21s
Details
260bc00022 
Uploaded HTML now served at {page_id}.{CONTENT_DOMAIN} instead of
/p/{page_id} on the app origin, preventing token theft via localStorage.
Adds security headers middleware for app routes and content headers
(noindex, no-store) on served pages. Adds --proxy-headers to uvicorn.
docs: add CONTENT_DOMAIN to .env.example
All checks were successful
CI / test (pull_request) Successful in 20s
Details
36fbf43d54
refactor: remove dead /p/{page_id} route and unused pages router
Some checks failed
CI / test (pull_request) Failing after 16s
Details
b6a6a5f341
fix: use content_domain for URLs in admin listing and extract page_url helper
Some checks failed
CI / test (pull_request) Failing after 16s
Details
d050147d86
fix: format
All checks were successful
CI / test (pull_request) Successful in 22s
Details
b795b4e0e1
patillacode deleted branch fix/subdomain-isolation-security-headers 2026-05-28 17:51:58 +02:00
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels
No items
No labels
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
patillacode/dropit!2
No description provided.