Skip to content

Harden the Partytown reverse proxy recipe #3808

Description

@fredericoo

Problem

The Partytown recipe includes a /reverse-proxy route that mirrors upstream response headers from allowlisted domains. If an allowlisted host returns active document content, the storefront can serve that content as same-origin through the recipe route.

This recipe is production guidance, so the proxy should fail closed for unsafe response types.

Expected behaviour

  • Reject proxied document-style responses instead of forwarding them.
  • Keep the route usable for the third-party script responses the recipe is intended to proxy.
  • Add defensive response headers for proxied content.
  • Regenerate the Partytown recipe docs after changing the ingredient source.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions