Yesterday's Top Poster

Vercel Sandbox firewall now supports request proxying and filtering

  • Thread starter Thread starter Tom Lienard, Valerian Roche, Brandon Tuttle
  • Start date Start date
The Vercel Sandbox firewall now supports forwarding specific HTTP requests to a proxy you control. You can also use matchers to filter forwarding and credentials brokering to only the requests that need it.

Requests proxying​


You can now route outbound sandbox traffic through your own proxy for logging, debugging, or transforming requests and responses. Set a forwardURL on any allowed domain, and the firewall will forward matching HTTPS requests to your server.

The proxy receives the original request along with additional headers to identify the source:


  • vercel-forwarded-host: The original request's SNI


  • vercel-forwarded-scheme: The original request's scheme


  • vercel-forwarded-port: The original request's port


  • vercel-sandbox-oidc-token: A Vercel-issued OIDC token that the proxy can use to authenticate the request and identity the source team / project / sandbox. Learn more about it in the docs

Filtering​


Additionally, you can now use matchers to filter request forwarding or credentials brokering to requests matching a specific path, method, query string, or headers. This gives you fine-grained control over which requests get transformed; for example, only forwarding POST requests to a specific API path while allowing all other traffic through untouched.


These features are available in beta for Pro and Enterprise plans. Get started by installing the @vercel/sandbox@beta SDK, and learn more in the docs about requests proxying and matchers.

Read more

Continue reading...
 
Back
Top