Conversation
Vercel CSRF protection blocks POST requests without explicit Content-Type: application/json, returning 403 Forbidden.
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
anurag629
added a commit
that referenced
this pull request
Feb 27, 2026
* ci: enforce dev → main PR flow (#2) * docs: improve README hero image, add contributors section (#1) Switch hero from blog-minimal-dark to github-readme-hero template with brand accent color. Add contrib.rocks contributors grid. Condense contributing section to avoid redundancy with CONTRIBUTING.md. * ci: add workflow to restrict PRs targeting main to dev branch only PRs targeting main from any branch other than dev will fail the PR Target Check. This enforces the flow: feature branches → dev → main. * ci: retrigger checks after base branch change * ci: run CI on PRs targeting dev branch too * feat: Raycast-inspired UI/UX redesign (#3) * feat: Raycast-inspired UI/UX redesign across all pages Redesign the entire site with a polished, premium feel inspired by Raycast: - Design system: enhanced shadows, gradients, glassmorphism, animations - Header: frosted glass, gradient border, nav hover pills - Homepage: hero glow, equal-width bento category grid, feature cards, vertical timeline, terminal chrome API teaser, OSS banner - Templates gallery: search bar, filter pills, card hover glow - Editor: dot-grid canvas, refined panels, gradient export button - API docs: sidebar icons, terminal chrome code blocks, copy buttons - 404 page: SVG illustration, floating shapes, gradient text - Footer: 3-column grid layout with gradient top border - Layout: Astro View Transitions for smooth page navigation - Fix thumbnail API rendering templates at 600x315 viewport (cropping) instead of 1200x630 with resvg scale-down (showing full template) * feat: add GitHub stars and visitor counter utilities Add supporting libs for GitHub star count, Upstash Redis visitor counter, and the /api/visitors endpoint. Include .env.example for required environment variables. * fix: add Content-Type header to visitor counter POST request (#8) Vercel CSRF protection blocks POST requests without explicit Content-Type: application/json, returning 403 Forbidden.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Content-Type: application/jsonheader to the visitor counter POST request in the footerRoot cause
Vercel blocks POST requests with form-like content types (
application/x-www-form-urlencoded,multipart/form-data,text/plain). Afetch()withmethod: 'POST'and no explicitContent-Typedefaults totext/plain, which triggers the block.Test plan
/api/visitorsPOST returns 200 with JSON403 Forbiddenor JSON parse errors in browser console