Feat/fix cookie store for cross origin#87
…rigin
- Removed Access-Control-Allow-Origin from netlify.toml.
- Added middleware to vary the Origin header in storage and verify functions.
- Included a new integration test to validate CORS response for TradeTrust production website.

- Upgraded @trustvc/trustvc to version 2.12.2.
- Updated @digitalbazaar/di-sd-primitives to version 3.3.0 and its dependencies.
- Changed JSON schema version in document-sepolia.json to 3.0 and updated its structure to align with the new schema.

- Updated @types/node to version 22.19.15.
- Added undici-types version 6.20.0 to the package-lock.json.

- Updated multiple dependencies to their latest versions, including @aws-sdk/client-kms and related packages.
- Added resolved URLs and integrity hashes for several packages to ensure package integrity.

- Modified the npm install command in the GitHub Actions workflow to use the --omit=optional flag, improving installation efficiency by excluding optional dependencies.

- Downgraded @trustvc/trustvc to version 2.0.7 and @types/node to version 22.0.0 in package-lock.json.
- Removed resolved URLs and integrity hashes for several packages to streamline the lock file.
- Updated the npm install command in the GitHub Actions workflow to include all dependencies.

- Changed the npm install command from 'npm ci' to 'npm i' in both manual_forked.yml and manual.yml workflows to streamline dependency installation.

- Removed optional dependencies from package-lock.json to streamline the file.
- Added a new dependency for @netlify/blobs version 6.5.0 in package-lock.json.
- Updated npm install command in manual_forked.yml and manual.yml workflows to include all dependencies.

…npm ci
- Changed the npm install command from 'npm i' to 'npm ci' in both manual_forked.yml and manual.yml workflows for improved consistency and reliability in dependency installation.

- Changed the schema version in document-sepolia.json from 3.0 to 2.0.
- Updated the structure of the document to align with the new schema, including changes to the data fields and template references.
- Adjusted import paths in integration tests to reference the updated document-sepolia.json file.

- Removed import of document-sepolia version 2 and replaced it with version 3 in both document-storage.test.ts and document-verify.test.ts.
- Updated postDataSepoliaV2 to use documentSepoliaV3 for consistency across tests.

- Changed the test description to explicitly mention the origin URL as https://ref.tradetrust.io for clarity and accuracy in the integration tests.

- Removed the "if-none-match" header from the request to prevent 304 responses that omit access-control-allow-origin.
- Added a test to ensure the server returns a 200 status with the correct CORS headers even when the cached ETag matches.
✅ Deploy Preview for tradetrust-functions ready!
📝 Walkthrough
PR removes public CORS wildcard origin from Netlify configuration, adds Origin-aware Vary headers to serverless handlers, prevents CSRF-token conditional request caching via If-None-Match removal and Cache-Control headers, upgrades the
Changes: CORS and CSRF-Token Handling
Actionable comments posted: 2
Inline comments:
In `@tests/integration/document-storage.test.ts`:
- Line 22: The test fixture alias postDataSepoliaV2 is incorrectly assigned
documentSepoliaV3; update the test to restore a true v2 payload or rename the
alias and related test descriptions to v3 to match the fixture. Specifically,
replace the value of postDataSepoliaV2 to reference the correct v2 fixture
(e.g., documentSepoliaV2) or rename postDataSepoliaV2 to postDataSepoliaV3 and
update any test titles or expectations that reference "v2 sepolia" so they
consistently reflect v3 behavior; search for usages of postDataSepoliaV2 and
documentSepoliaV3 in document-storage.test.ts and update them together to keep
intent and coverage accurate.
In `@tests/integration/document-verify.test.ts`:
- Line 22: The test fixture alias postDataSepoliaV2 is incorrectly assigned
documentSepoliaV3; update the test to either use the correct v2 fixture (e.g.,
replace documentSepoliaV3 with documentSepoliaV2) or rename the alias and any
test labels to v3 for clarity; locate occurrences of postDataSepoliaV2 and
documentSepoliaV3 in the test file and make the alias and test descriptions
consistent (use documentSepoliaV2 for v2 tests or rename to postDataSepoliaV3
and adjust test names).
⛔ Files ignored due to path filters (1)
- package-lock.json is excluded by !**/package-lock.json
📒 Files selected for processing (8)
- netlify.toml
- netlify/functions/storage/index.ts
- netlify/functions/storage/router.ts
- netlify/functions/verify/index.ts
- package.json
- tests/integration/document-storage.test.ts
- tests/integration/document-verify.test.ts
- tests/integration/headers.test.ts
💤 Files with no reviewable changes (1)
- netlify.toml
- Disabled ETag generation in the storage function to prevent 304 responses that omit CORS headers.
- Updated the CSRF token handling in the router to ensure consistent responses with appropriate CORS headers.

- Updated imports and postData for document-sepolia version 2 in both document-storage.test.ts and document-verify.test.ts to use the correct file.
- Ensured consistency in the test data by referencing the appropriate document-sepolia version 2 instead of version 3.
…nto feat/fix-cookie-store-for-cross-origin
Summary
What is the background of this pull request?
Changes
Issues
What are the related issues or stories?