Caveats
Important limitations and considerations when using cside.
Environments That Use a Different Domain
Staging environment
In order for cside to accurately and safely license our edge infrastructure, we use the referrer header in the requests to determine if the request is coming from a licensed customer. This approach may come with some caveats.
For example, if you use a staging environment, cside will not be able to accurately license the edge infrastructure for the scripts. This is because the referrer header will (often) be a different domain. This is often seen for preview/staging URLs that use a dynamically generated domain, like Vercel, Netlify, and other platforms.
Local environment
We have added some detection mechanisms to the web script to help with local environments, such as localhost, 127.0.0.1, ::1 and other cases to automatically disable the web script from routing through Gatekeeper in those environments. If you do not want your edge infrastructure to run in the local environment, you can conditionally render the cside web script.
Inline Scripts
cside currently does not monitor inline scripts. We plan to add support for monitoring inline scripts in the future. We recommend that you use the src attribute to load your scripts, instead of using inline. But we understand that this may not always be possible.
Server-side Prefixing
For optimal performance & protection, you must also prefix any URLs used in <script> tags within the HTML sent to the browser. The CLI tool automatically handles this for static sites, and integration plugins like Vite and Next.js handle this during the build process.
Bypassed Domains
Some third-party scripts are known to cause conflicts when being served from another domain. We maintain a list of these domains that are automatically bypassed by our edge infrastructure. These scripts will not be routed through Gatekeeper to ensure compatibility.
If you encounter issues with a specific third-party script, please contact support@cside.dev for assistance.
How is this doc?