Skip to content

feat: domain-based CSP policies#85

Draft
Matthew-Wise wants to merge 4 commits intomainfrom
worktree-domains
Draft

feat: domain-based CSP policies#85
Matthew-Wise wants to merge 4 commits intomainfrom
worktree-domains

Conversation

@Matthew-Wise
Copy link
Copy Markdown
Owner

@Matthew-Wise Matthew-Wise commented Mar 24, 2026

Summary

  • Introduces per-domain CSP policy resolution via DomainKeyResolver so different Umbraco domains can have their own CSP definitions (closes Add functionality to make settings domain specific #53)
  • Adds CspDomainsController to expose domain info to the backoffice
  • Adds DomainPolicyMigration to extend the database schema
  • Adds an "Add domain policy" tree action and modal in the backoffice
  • Regenerates OpenAPI client to include domain endpoints
  • Adds Playwright webServer config so tests auto-start the test site
  • Adds a playwright CI job in csp-manager.yml running in parallel with the existing build job

Test plan

  • Start test site and verify domain policies can be created via the tree action
  • Verify CSP headers reflect the correct per-domain policy on request
  • Run npm test locally — all 9 Playwright tests pass
  • Push to a PR and verify the playwright CI job passes in GitHub Actions

🤖 Generated with Claude Code

Matthew-Wise and others added 4 commits March 24, 2026 22:36
@Matthew-Wise @claude
feat: add domain-based CSP policies and Playwright CI support
cb59a8a 
Closes #53

- Introduce per-domain CSP policy resolution via DomainKeyResolver so different Umbraco domains can have their own CSP definitions
- Add CspDomainsController to expose domain info to the backoffice
- Add DomainPolicyMigration to extend the database schema
- Add 'Add domain policy' tree action and modal in the backoffice
- Regenerate OpenAPI client to include domain endpoints
- Wire Playwright webServer config so tests can start the test site automatically
- Add playwright CI job to csp-manager.yml running in parallel with build

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@Matthew-Wise @claude
fix: resolve CI build failures in migration insert and test site startup
1401ec2 
Use CspDefinitionSchema (without DomainKey) for the initial migration
insert to avoid SQLite errors when the column doesn't exist yet. Make
appSettings environment JSON optional so the test site starts in CI
where appSettings.Development.json is absent.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@Matthew-Wise @claude
ci: upgrade upload/download-artifact actions to v5
8e63284 
Bumps actions/upload-artifact and actions/download-artifact from v4 to
v5 to resolve Node.js 20 deprecation warnings ahead of the June 2026
forced Node.js 24 migration.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@Matthew-Wise @claude
test: add coverage for domain-based CSP policies
5981f1e 
Tests cover domain middleware selection and fallback, domain cache invalidation, service CRUD for domain definitions, and validation rules for domain API models.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add functionality to make settings domain specific

1 participant

@Matthew-Wise