Skip to content

Develop#487

Merged
neue-dev merged 29 commits into
mainfrom
develop
Jun 11, 2026
Merged

Develop#487
neue-dev merged 29 commits into
mainfrom
develop

Conversation

@neue-dev

@neue-dev neue-dev commented Jun 11, 2026

Copy link
Copy Markdown
Contributor

No description provided.

neue-dev and others added 29 commits June 6, 2026 16:34
@neue-dev
fix: reset password page wrong callback + params usage
e9c027d
@jayylmao
fix: add csp
0daa980
@jayylmao
fix: add csp (#478)
f75ba59 
Added Content Security Policy to restrict what content can be loaded.
Highly experimental and things may break.
@jayylmao
fix: allow pdfs through csp
f55bc12
@jayylmao
fix: allow pdfs through csp (#479)
3cb0dc7 
Fixed an issue where PDFs were not rendering because of the CSP.
Loosened it a bit to allow this.
@jayylmao
chore: update jspdf
304615f
@jayylmao
chore: update jspdf (#480)
6f7ef6b 
The JSPDF library version we're using has a lot of security issues.
Potentially breaking update; we should test all the PDF features on the
site.
@jayylmao
feat: https strict transport security
6143dd7
@jayylmao
feat: add security headers
a00cfd4
@jayylmao
fix: incorrect permissions-policy header
6a56391
@jayylmao
fix: clear query client on logout for hire and student
0faf9a6
@jayylmao
chore: update postcss
08f3082
@jayylmao
fix: additional security patches (#481)
9cd663f 
Patched several more issues:
- Added several security headers:
  - HTTP Strict Transport Security to enforce HTTPS/TSL communication.
- `X-Frame-Options` deny to prevent site from being loaded in an
`<iframe>` or similar tag.
  - `X-Content-Type` nosniff to prevent MIME sniffing.
- `Referrer-Policy` strict origin when cross origin to send less info on
cross-origin
  - `Permissions-Policy` to empty to enforce no web permissions granted.
- Updated `postcss` library. (potentially breaking change)
- Clear query client on logout for hire and student sites.
@jayylmao
fix: remove unnecessary unsafe csp exceptions
3c4bea3
@jayylmao
fix: remove unnecessary unsafe csp exceptions (#482)
abc75cf
@jayylmao
fix: blank page on deploy due to strict csp
a1e5bcd
@jayylmao
fix: blank page on deploy due to strict csp (#483)
1ec5677 
Loosened CSP policy to accommodate various uses of unsafe-inline styling
throughout the site. This should be removed in the future.
@jayylmao
fix: add cloudflare to script csp exceptions
90be3e9
@jayylmao
fix: add cloudflare to script csp exceptions (#484)
a81cff1 
Form previews were not working. Loosened CSP to allow CloudFlare's PDF
lib through.
@jayylmao
fix: add google storage to connect csp exceptions
55798d0
@jayylmao
fix: add google storage to connect csp exceptions (#485)
54c07ca
@anaj00
chore: use PDF viewer from package now
16ef0d4
@anaj00
chore: use PDF viewer from package (#486)
d740ba7
@neue-dev
feat: use signed url to access bucket documents
70caa70
@anaj00
chore: fixed autofill spilling into the form filler, and inconsistent…
a3ca8c6 
… name
@anaj00
refactor: remove initiatorFieldNames memoization and adjust filtering…
0b4edcb 
… logic
@anaj00
chore: add our bucket to image origin
a8d3046
@anaj00
chore: update signature field prompt and disable name input
3213971
@neue-dev
Merge branch 'main' into develop
7d0592f
@neue-dev neue-dev merged commit 882eac7 into main Jun 11, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@neue-dev @jayylmao @anaj00