Vercel Sandbox firewall now supports request proxying and filtering
Mirrored from Vercel — AI for archival readability. Support the source by reading on the original site.
The Vercel Sandbox firewall now supports forwarding specific HTTP requests to a proxy you control. You can also use matchers to filter forwarding and credentials brokering to only the requests that need it.
Requests proxying
You can now route outbound sandbox traffic through your own proxy for logging, debugging, or transforming requests and responses. Set a forwardURL on any allowed domain, and the firewall will forward matching HTTPS requests to your server.
The proxy receives the original request along with additional headers to identify the source:
vercel-forwarded-host: The original request's SNIvercel-forwarded-scheme: The original request's schemevercel-forwarded-port: The original request's portvercel-sandbox-oidc-token: A Vercel-issued OIDC token that the proxy can use to authenticate the request and identity the source team / project / sandbox. Learn more about it in the docs
Filtering
Additionally, you can now use matchers to filter request forwarding or credentials brokering to requests matching a specific path, method, query string, or headers. This gives you fine-grained control over which requests get transformed; for example, only forwarding POST requests to a specific API path while allowing all other traffic through untouched.
These features are available in beta for Pro and Enterprise plans. Get started by installing the @vercel/sandbox@beta SDK, and learn more in the docs about requests proxying and matchers.
Discussion (0)
Sign in to join the discussion. Free account, 30 seconds — email code or GitHub.
Sign in →No comments yet. Sign in and be the first to say something.