Fix domain-facing trust issues and real contact submission#143
Merged
Conversation
|
You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard. |
Contributor
|
The latest updates on your projects. Learn more about Vercel for GitHub.
11 Skipped Deployments
|
Reviewer's GuideConnects the public contact form to the real /api/contact endpoint with server-aligned spam protections and privacy language, and tightens public compliance/eligibility claims to evidence-based, service-scoped wording across the compliance notice, 404 page, and footer. Sequence diagram for updated contact form submission to /api/contactsequenceDiagram
actor User
participant ContactForm as ContactForm
participant ContactApi as api_contact
User->>ContactForm: submit (handleSubmit)
ContactForm->>ContactForm: onSubmit(data)
ContactForm->>ContactForm: zodResolver(contactSchema)
alt website honeypot not filled
ContactForm->>ContactApi: fetch /api/contact (POST)
ContactApi-->>ContactForm: JSON { ok: true }
ContactForm->>ContactForm: setStatus("success")
ContactForm->>ContactForm: reset()
else website honeypot filled or server error
ContactApi-->>ContactForm: JSON { ok: false, error }
ContactForm->>ContactForm: setStatus("error")
ContactForm->>ContactForm: setErrorMessage()
end
File-Level Changes
Tips and commandsInteracting with Sourcery
Customizing Your ExperienceAccess your dashboard to:
Getting Help
|
There was a problem hiding this comment.
Hey - I've left some high level feedback:
- In the contact form,
inputClassis applied uniformly so field-level validation no longer changes the border or ring style on error; if you still want visual cues for invalid inputs, consider conditionally appending error classes (as in the previous implementation) whenerrors.<field>is present. - The
/api/contacthandling assumes a JSON response with anokflag (await response.json()plusresult?.ok), which will treat a non-JSON or 204 response as a failure; it may be safer to gate the JSON parsing behind a content-type check or fall back toresponse.okalone if the endpoint does not consistently return a JSON body.
Prompt for AI Agents
Please address the comments from this code review:
## Overall Comments
- In the contact form, `inputClass` is applied uniformly so field-level validation no longer changes the border or ring style on error; if you still want visual cues for invalid inputs, consider conditionally appending error classes (as in the previous implementation) when `errors.<field>` is present.
- The `/api/contact` handling assumes a JSON response with an `ok` flag (`await response.json()` plus `result?.ok`), which will treat a non-JSON or 204 response as a failure; it may be safer to gate the JSON parsing behind a content-type check or fall back to `response.ok` alone if the endpoint does not consistently return a JSON body.Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.
Deploying with
|
| Status | Name | Latest Commit | Updated (UTC) |
|---|---|---|---|
| ❌ Deployment failed View logs |
gem-enterprise | 0fb24d9 | Jul 07 2026, 08:00 AM |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This production hotfix addresses verified public-site problems discovered during the domain audit.
Changes
/api/contactendpoint instead of showing a simulated success state.Separate infrastructure finding
The deployed Next.js application serves
/storesuccessfully on Vercel, butwww.gemcybersecurityassist.comcurrently resolves through HubSpot/Cloudflare and returns HubSpot’s 404. The apex domain is on Vercel and redirects towww, creating a routing loop into the wrong origin. Correcting thewwwDNS/origin assignment is required outside this code PR.Verification required
/contact,/compliance-notice,/store, and a missing routewwwDNS record to the Vercel target, then retest both apex andwwwSummary by Sourcery
Connect the public contact form to the real /api/contact endpoint and tighten public-site compliance and eligibility disclosures.
New Features:
Bug Fixes:
Enhancements: