ciphera-net/pulse
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 15 Wiki Activity

fix: allow mollie.js in CSP, hide app header on checkout page

Browse Source
This commit is contained in:
Usman Baig
2026-03-26 21:38:47 +01:00
parent 6be8952fbe
commit 0f41eb4df4
2 changed files with 10 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
app/layout-content.tsx
View File

@@ -91,6 +91,8 @@ function LayoutInner({ children }: { children: React.ReactNode }) {
const showOfflineBar = Boolean(auth.user && !isOnline)
// Site pages use DashboardShell with full sidebar — no Header needed
const isSitePage = pathname.startsWith('/sites/') && pathname !== '/sites/new'
// Checkout page has its own minimal layout — no app header/footer
const isCheckoutPage = pathname.startsWith('/checkout')
if (isSwitchingOrg) {
return <LoadingOverlay logoSrc="/pulse_icon_no_margins.png" title="Pulse" portal={false} />
@@ -113,6 +115,11 @@ function LayoutInner({ children }: { children: React.ReactNode }) {
)
}
// Checkout page: render children only (has its own layout)
if (isAuthenticated && isCheckoutPage) {
return <>{children}</>
}
// Authenticated non-site pages (sites list, onboarding, etc.): static header
if (isAuthenticated) {
return (

6
next.config.ts
View File

@@ -11,13 +11,13 @@ const withPWA = withPWAInit({
const cspDirectives = [
"default-src 'self'",
// Next.js requires 'unsafe-inline' for its bootstrap scripts; 'unsafe-eval' only in dev (HMR)
`script-src 'self' 'unsafe-inline'${process.env.NODE_ENV === 'development' ? " 'unsafe-eval'" : ''}`,
`script-src 'self' 'unsafe-inline' https://js.mollie.com${process.env.NODE_ENV === 'development' ? " 'unsafe-eval'" : ''}`,
"style-src 'self' 'unsafe-inline'",
"img-src 'self' data: blob: https://www.google.com https://*.gstatic.com https://ciphera.net",
"font-src 'self'",
`connect-src 'self' https://*.ciphera.net https://ciphera.net https://www.google.com https://*.gstatic.com https://cdn.jsdelivr.net${process.env.NODE_ENV === 'development' ? ' http://localhost:*' : ''}`,
`connect-src 'self' https://*.ciphera.net https://ciphera.net https://www.google.com https://*.gstatic.com https://cdn.jsdelivr.net https://*.mollie.com${process.env.NODE_ENV === 'development' ? ' http://localhost:*' : ''}`,
"worker-src 'self' blob:",
"frame-src 'none'",
"frame-src https://*.mollie.com",
"object-src 'none'",
"base-uri 'self'",
"form-action 'self' https://*.ciphera.net",