
fix: csp nonce #2054

Draft
thibaultleouay wants to merge 1 commit into main from csp-nonce
@thibaultleouay
Member

No description provided.

@vercel

vercel Bot commented Apr 3, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Actions | Updated (UTC) |
| --- | --- | --- | --- |
| openstatus-status-page | Ready | Preview, Comment | Apr 3, 2026 4:21pm |

2 Skipped Deployments

| Project | Deployment | Actions | Updated (UTC) |
| --- | --- | --- | --- |
| openstatus-dashboard | Skipped | | Apr 3, 2026 4:21pm |
| openstatus-web | Skipped | | Apr 3, 2026 4:21pm |

Contributor

@cubic-dev-ai cubic-dev-ai Bot left a comment

2 issues found across 2 files

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="apps/status-page/src/proxy.ts">

<violation number="1" location="apps/status-page/src/proxy.ts:156">
P1: The nullish-coalescing and ternary expression is grouped incorrectly, causing valid `redirect` values to be ignored.</violation>

<violation number="2" location="apps/status-page/src/proxy.ts:196">
P1: Rewrites set the CSP nonce in the response but do not forward the `x-nonce` request header, so rewritten routes can miss the nonce value needed by server components.</violation>
</file>

Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.

// Preserve search params from original request
rewriteUrl.search = url.search;
return NextResponse.rewrite(rewriteUrl);
return withCsp(NextResponse.rewrite(rewriteUrl));
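
Review bot: the last line of this hunk, `return withCsp(NextResponse.rewrite(rewriteUrl));`, builds the rewrite with no second argument, so nothing here changes the request headers the rewritten route receives; only the response passes through `withCsp`. If server-rendered code reads the nonce from an `x-nonce` request header, forward it in the rewrite itself, for example `NextResponse.rewrite(rewriteUrl, { request: { headers } })` where `headers` is a copy of the incoming request headers with the nonce set, and use that same nonce value in the `Content-Security-Policy` header. `withCsp` is not visible in this hunk, so also check that it does not mint a fresh nonce on each call, since a nonce in the policy that differs from the one rendered into the page blocks the page's own scripts.
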
Contributor

@cubic-dev-ai cubic-dev-ai Bot Apr 3, 2026

P1: Rewrites set the CSP nonce in the response but do not forward the x-nonce request header, so rewritten routes can miss the nonce value needed by server components.

Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At apps/status-page/src/proxy.ts, line 196:

<comment>Rewrites set the CSP nonce in the response but do not forward the `x-nonce` request header, so rewritten routes can miss the nonce value needed by server components.</comment>

<file context>
@@ -159,7 +193,7 @@ export default auth(async (req) => {
     // Preserve search params from original request
     rewriteUrl.search = url.search;
-    return NextResponse.rewrite(rewriteUrl);
+    return withCsp(NextResponse.rewrite(rewriteUrl));
   }
 
</file context>

NextResponse.redirect(
new URL(
`${req.nextUrl.origin}${
redirect ?? type === "pathname" ? `/${prefix}` : "/"
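
Review bot: on the `redirect ?? type === "pathname" ? ... : "/"` line, `??` binds tighter than the conditional operator, so the expression parses as `(redirect ?? (type === "pathname")) ? ... : "/"`: a non-empty `redirect` only selects the prefix branch and its own value never reaches the URL. Parenthesize the fallback so the ternary is the right-hand side of `??`. Once the value does reach the URL, it is concatenated directly after `req.nextUrl.origin`; where `redirect` comes from is not shown in this hunk, but if the request can influence it, require it to start with a single `/` before building the URL, because a value without a leading slash extends the host part of the string instead of the path.
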
Contributor

@cubic-dev-ai cubic-dev-ai Bot Apr 3, 2026

P1: The nullish-coalescing and ternary expression is grouped incorrectly, causing valid redirect values to be ignored.

Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At apps/status-page/src/proxy.ts, line 156:

<comment>The nullish-coalescing and ternary expression is grouped incorrectly, causing valid `redirect` values to be ignored.</comment>

<file context>
@@ -114,14 +146,16 @@ export default auth(async (req) => {
+        NextResponse.redirect(
+          new URL(
+            `${req.nextUrl.origin}${
+              redirect ?? type === "pathname" ? `/${prefix}` : "/"
+            }`,
+          ),
</file context>
Suggested change
redirect ?? type === "pathname" ? `/${prefix}` : "/"
redirect ?? (type === "pathname" ? `/${prefix}` : "/")

@mxkaske mxkaske marked this pull request as draft April 9, 2026 07:44