fix(serve): exclude /assets/ from layout middleware, allow data: fonts in CSP #47

Merged
avrabe merged 1 commit into main from fix/asset-routes-csp
Mar 19, 2026

@avrabe avrabe commented Mar 19, 2026

Summary

  • /assets/htmx.js and /assets/mermaid.js were being wrapped in the HTML page shell by the redirect middleware, causing JS parse errors
  • CSP header was blocking base64-embedded fonts (data: URIs)

Two-line fix in mod.rs.

Test plan

  • All tests pass
  • Playwright E2E (CI)
  • Manual: rivet serve → no console errors, HTMX navigation works, fonts load

🤖 Generated with Claude Code

…s in CSP

Two bugs:
1. The redirect middleware was wrapping /assets/htmx.js and
   /assets/mermaid.js responses in the HTML page shell, causing
   "Unexpected token '<'" errors in the browser. Fixed by excluding
   /assets/* paths from the middleware (same as /api/*, /wasm/*, etc.)

2. CSP header blocked base64-embedded fonts (data: URIs) because
   font-src defaulted to 'self'. Added explicit font-src 'self' data:
   directive.

Fixes: FEAT-001

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@avrabe avrabe merged commit 8a99f8e into main Mar 19, 2026
@avrabe avrabe deleted the fix/asset-routes-csp branch March 19, 2026 20:05
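
An added Rust example (not code from this PR or from rivet) of the fallback the commit message describes: with no font-src directive, fonts are checked against default-src, so a data: font is refused until font-src lists data:. The two policy strings, the origin and the sample URLs are constructed; rivet's full CSP header is not shown on this page.

```rust
// Added example, not rivet's code. Policies, origin and URLs are constructed.
use std::collections::HashMap;

const BEFORE: &str = "default-src 'self'"; // assumed shape of the old policy
const AFTER: &str = "default-src 'self'; font-src 'self' data:";

/// Parse a CSP header value into directive name -> source list.
fn parse_csp(policy: &str) -> HashMap<String, Vec<String>> {
    let mut map = HashMap::new();
    for directive in policy.split(';') {
        let mut parts = directive.split_ascii_whitespace();
        if let Some(name) = parts.next() {
            // A repeated directive is ignored: the first occurrence wins.
            map.entry(name.to_ascii_lowercase())
                .or_insert_with(|| parts.map(str::to_string).collect());
        }
    }
    map
}

/// Would a font at `url` load on a page served from `origin`?
/// Covers 'self', 'none', '*' and scheme sources; host sources are not modelled.
fn font_allowed(policy: &str, origin: &str, url: &str) -> bool {
    let csp = parse_csp(policy);
    // font-src is a fetch directive: when absent it falls back to default-src.
    let sources = match csp.get("font-src").or_else(|| csp.get("default-src")) {
        Some(list) => list,
        None => return true, // no governing directive, nothing is restricted
    };
    let lower = url.to_ascii_lowercase();
    let same_origin = (url.starts_with('/') && !url.starts_with("//"))
        || lower.starts_with(&format!("{}/", origin.to_ascii_lowercase()));
    sources.iter().any(|src| match src.to_ascii_lowercase().as_str() {
        "'self'" => same_origin,
        // '*' covers network schemes only, never data: or blob:.
        "*" => !lower.starts_with("data:") && !lower.starts_with("blob:"),
        scheme if scheme.ends_with(':') => lower.starts_with(scheme),
        _ => false, // 'none' and unmodelled host sources match nothing
    })
}

fn main() {
    let font = "data:font/woff2;base64,d09GMg=="; // constructed, not a real font
    for policy in [BEFORE, AFTER] {
        let ok = font_allowed(policy, "http://localhost:8080", font);
        println!("{policy:<45} data: font allowed = {ok}");
    }
}
```

Because data: is listed only under font-src in the constructed policy, every other fetch type still falls back to default-src 'self'.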

codecov Bot commented Mar 19, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
