From d17d1a31897fbd34555a46dade24f2e23474615d Mon Sep 17 00:00:00 2001 From: Ruben Hensen Date: Mon, 18 May 2026 17:37:15 +0200 Subject: [PATCH] feat(metrics): tag cryptify uploads with X-Cryptify-Source: website MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sets X-Cryptify-Source on the PostGuard SDK so cryptify (≥0.1.27+, encryption4all/cryptify#102) classifies uploads from this site deterministically rather than via the Origin-host fallback. Origin-based detection collided with the Outlook add-in, which is served from addin.*.postguard.eu — that host matches cryptify's `contains("postguard.")` rule and shadows the User-Agent "outlook" check. With the explicit header, the website always reports `channel="website"` regardless of the deploy host. --- src/lib/postguard.ts | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/lib/postguard.ts b/src/lib/postguard.ts index 1c8f2fc..a2d4786 100644 --- a/src/lib/postguard.ts +++ b/src/lib/postguard.ts @@ -17,6 +17,11 @@ export const retryStatus = writable(null) export const pg = new PostGuard({ pkgUrl: PKG_URL, cryptifyUrl: FILEHOST_URL, + // Identifies traffic from this site in cryptify's per-channel + // upload metrics. Without this, cryptify falls back to matching the + // browser Origin header, which collides with the Outlook add-in + // (also served from a *.postguard.eu host). + headers: { 'X-Cryptify-Source': 'website' }, ...(CHUNK_SIZE !== undefined && { uploadChunkSize: CHUNK_SIZE }), retry: { // Defaults (5 attempts, 500ms initial) exhaust the retry budget in