Skip to content

Fix domain-facing trust issues and real contact submission#143

Merged
support371 merged 5 commits into
mainfrom
fix/domain-routing-and-trust-hotfix
Jul 7, 2026
Merged

Fix domain-facing trust issues and real contact submission#143
support371 merged 5 commits into
mainfrom
fix/domain-routing-and-trust-hotfix

Conversation

@support371

@support371 support371 commented Jul 7, 2026

Copy link
Copy Markdown
Owner

Summary

This production hotfix addresses verified public-site problems discovered during the domain audit.

Changes

  • Connects the Contact form to the existing /api/contact endpoint instead of showing a simulated success state.
  • Adds error handling and the existing server-side honeypot field.
  • Reconciles Contact-form privacy wording with the Privacy Policy.
  • Replaces the blanket “Qualified Clients Only” footer claim with service-specific eligibility language.
  • Removes the unverified “Regulated” claim from the branded 404 page.
  • Replaces public compliance placeholders and broad regulatory assertions with scoped, evidence-based disclosures.

Separate infrastructure finding

The deployed Next.js application serves /store successfully on Vercel, but www.gemcybersecurityassist.com currently resolves through HubSpot/Cloudflare and returns HubSpot’s 404. The apex domain is on Vercel and redirects to www, creating a routing loop into the wrong origin. Correcting the www DNS/origin assignment is required outside this code PR.

Verification required

  • CI build, lint, and tests
  • Vercel preview validation for /contact, /compliance-notice, /store, and a missing route
  • Confirm SMTP variables are present so unauthenticated contact submissions generate notifications
  • Correct the public www DNS record to the Vercel target, then retest both apex and www

Summary by Sourcery

Connect the public contact form to the real /api/contact endpoint and tighten public-site compliance and eligibility disclosures.

New Features:

  • Wire the Contact form to submit to the backend contact API with structured payloads and success handling.

Bug Fixes:

  • Ensure contact submissions surface server errors to users instead of always showing a simulated success state.

Enhancements:

  • Add a hidden honeypot field and input trimming to the Contact form for basic abuse protection and cleaner validation.
  • Update Contact form privacy copy to align with the site Privacy Policy and clarify how information may be processed or disclosed.
  • Rewrite the Compliance Notice page to focus on service eligibility, regulatory scope, verification, and third‑party dependencies with dated metadata.
  • Adjust the 404 page footer tagline and messaging to remove unverified regulatory claims and emphasize service domains.
  • Refine the site footer eligibility language to distinguish broadly available products from services requiring additional review.

@chatgpt-codex-connector

Copy link
Copy Markdown

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.

@vercel

vercel Bot commented Jul 7, 2026

Copy link
Copy Markdown
Contributor

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
support371-gem-enterprise Ready Ready Preview, Comment, Open in v0 Jul 7, 2026 7:57am
11 Skipped Deployments
Project Deployment Actions Updated (UTC)
gem-enterprise Ignored Ignored Preview Jul 7, 2026 7:57am
gem-enterprise-in Ignored Ignored Preview Jul 7, 2026 7:57am
gem-enterprise-jx Ignored Ignored Preview Jul 7, 2026 7:57am
gem-enterprise-xf Ignored Ignored Preview Jul 7, 2026 7:57am
project-dtrl6 Ignored Ignored Preview Jul 7, 2026 7:57am
v0-continue-conversation Ignored Ignored Preview Jul 7, 2026 7:57am
v0-continue-conversation-3875 Ignored Ignored Preview Jul 7, 2026 7:57am
v0-deployment-alignment-task Ignored Ignored Preview Jul 7, 2026 7:57am
v0-image-analysis Ignored Ignored Preview Jul 7, 2026 7:57am
v0-my-website Ignored Ignored Preview Jul 7, 2026 7:57am
v0-v0-geraldhoeven-4141-ff89f7f-5 Ignored Ignored Preview Jul 7, 2026 7:57am

@sourcery-ai

sourcery-ai Bot commented Jul 7, 2026

Copy link
Copy Markdown

Reviewer's Guide

Connects the public contact form to the real /api/contact endpoint with server-aligned spam protections and privacy language, and tightens public compliance/eligibility claims to evidence-based, service-scoped wording across the compliance notice, 404 page, and footer.

Sequence diagram for updated contact form submission to /api/contact

sequenceDiagram
  actor User
  participant ContactForm as ContactForm
  participant ContactApi as api_contact

  User->>ContactForm: submit (handleSubmit)
  ContactForm->>ContactForm: onSubmit(data)
  ContactForm->>ContactForm: zodResolver(contactSchema)
  alt website honeypot not filled
    ContactForm->>ContactApi: fetch /api/contact (POST)
    ContactApi-->>ContactForm: JSON { ok: true }
    ContactForm->>ContactForm: setStatus("success")
    ContactForm->>ContactForm: reset()
  else website honeypot filled or server error
    ContactApi-->>ContactForm: JSON { ok: false, error }
    ContactForm->>ContactForm: setStatus("error")
    ContactForm->>ContactForm: setErrorMessage()
  end
Loading

File-Level Changes

Change Details Files
Wire the Contact form to the real /api/contact endpoint with validation, honeypot field, and user-visible error handling aligned to backend expectations.
  • Extend the contact form schema with trimmed fields and an optional hidden website field used as a honeypot.
  • Replace the simulated timeout-based submission with a real POST to /api/contact, mapping fields into backend name/email/subject/message/website shape.
  • Derive a human-friendly subject label from the selected subject value and include organization in the subject, with organization also prefixed in the message body.
  • Handle non-2xx or backend-declared failures by parsing JSON response, logging to console, and surfacing a generalized error message to the user.
  • Standardize input styling with a reusable inputClass, add aria-invalid attributes, and ensure icons used for status/errors are aria-hidden.
src/app/contact/ContactForm.tsx
Align contact form privacy/usage notice with the site Privacy Policy and introduce a server-side compatible honeypot field.
  • Add a hidden, non-focusable website input registered with react-hook-form as the honeypot field expected by the server.
  • Initialize defaultValues with website to avoid uncontrolled-to-controlled warnings.
  • Replace the generic confidentiality footer copy with text stating that personal information is not sold and may be processed/disclosed as described in the Privacy Policy, linking to /privacy via next/link.
src/app/contact/ContactForm.tsx
Rewrite the Compliance Notice page to remove placeholder regulatory claims and instead describe scoped platform, eligibility, verification, and third-party practices.
  • Add descriptive metadata including a title and description for the Compliance Notice page and introduce an updatedAt constant for the last-updated label.
  • Replace the prior detailed, placeholder-heavy regulatory text (registrations, AML/KYC, client classification, investment risk, jurisdiction restrictions, conflicts, reporting, data protection) with shorter sections focused on platform/regulatory scope, service eligibility, verification, advice disclaimers, cybersecurity limitations, privacy/third parties, and verification guidance.
  • Use Badge and Separator components with updated styling and layout to match the new information architecture and tone, and simplify overall content structure into an accessible main element.
src/app/compliance-notice/page.tsx
Update the branded 404 page tagline to remove unverified "Regulated" claims while keeping the visual design and navigation CTAs.
  • Mark decorative ShieldCheck and background visuals as aria-hidden to improve accessibility.
  • Adjust the 404 descriptive copy to remove support-contact language and instead direct users back into the platform via existing links.
  • Replace the bottom monospace label from "Regulated
Compliant
Adjust footer marketing copy to be service-specific about eligibility rather than a blanket qualified-clients-only claim.
  • Tweak the hero/footer description line to mention services for individuals, organizations, and eligible institutional clients instead of institutional-only language.
  • Change the small-card label from "Qualified Clients Only" to "Service Eligibility" and rewrite the body copy to clarify that public cybersecurity products are broadly available while certain institutional/financial/jurisdiction-restricted services require eligibility and compliance review.
src/components/Footer.tsx

Tips and commands

Interacting with Sourcery

  • Trigger a new review: Comment @sourcery-ai review on the pull request.
  • Continue discussions: Reply directly to Sourcery's review comments.
  • Generate a GitHub issue from a review comment: Ask Sourcery to create an
    issue from a review comment by replying to it. You can also reply to a
    review comment with @sourcery-ai issue to create an issue from it.
  • Generate a pull request title: Write @sourcery-ai anywhere in the pull
    request title to generate a title at any time. You can also comment
    @sourcery-ai title on the pull request to (re-)generate the title at any time.
  • Generate a pull request summary: Write @sourcery-ai summary anywhere in
    the pull request body to generate a PR summary at any time exactly where you
    want it. You can also comment @sourcery-ai summary on the pull request to
    (re-)generate the summary at any time.
  • Generate reviewer's guide: Comment @sourcery-ai guide on the pull
    request to (re-)generate the reviewer's guide at any time.
  • Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
    pull request to resolve all Sourcery comments. Useful if you've already
    addressed all the comments and don't want to see them anymore.
  • Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
    request to dismiss all existing Sourcery reviews. Especially useful if you
    want to start fresh with a new review - don't forget to comment
    @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

  • Enable or disable review features such as the Sourcery-generated pull request
    summary, the reviewer's guide, and others.
  • Change the review language.
  • Add, remove or edit custom review instructions.
  • Adjust other review settings.

Getting Help

@sourcery-ai sourcery-ai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey - I've left some high level feedback:

  • In the contact form, inputClass is applied uniformly so field-level validation no longer changes the border or ring style on error; if you still want visual cues for invalid inputs, consider conditionally appending error classes (as in the previous implementation) when errors.<field> is present.
  • The /api/contact handling assumes a JSON response with an ok flag (await response.json() plus result?.ok), which will treat a non-JSON or 204 response as a failure; it may be safer to gate the JSON parsing behind a content-type check or fall back to response.ok alone if the endpoint does not consistently return a JSON body.
Prompt for AI Agents
Please address the comments from this code review:

## Overall Comments
- In the contact form, `inputClass` is applied uniformly so field-level validation no longer changes the border or ring style on error; if you still want visual cues for invalid inputs, consider conditionally appending error classes (as in the previous implementation) when `errors.<field>` is present.
- The `/api/contact` handling assumes a JSON response with an `ok` flag (`await response.json()` plus `result?.ok`), which will treat a non-JSON or 204 response as a failure; it may be safer to gate the JSON parsing behind a content-type check or fall back to `response.ok` alone if the endpoint does not consistently return a JSON body.

Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

@cloudflare-workers-and-pages

cloudflare-workers-and-pages Bot commented Jul 7, 2026

Copy link
Copy Markdown

Deploying with  Cloudflare Workers  Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status Name Latest Commit Updated (UTC)
❌ Deployment failed
View logs
gem-enterprise 0fb24d9 Jul 07 2026, 08:00 AM

@support371
support371 merged commit 428a6e7 into main Jul 7, 2026
19 of 23 checks passed
@support371
support371 deleted the fix/domain-routing-and-trust-hotfix branch July 7, 2026 08:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant