Vercel

Vercel enhances Sandbox firewall with request proxying and matching capabilities.


Executive Summary

Vercel has updated its Sandbox firewall, enabling developers to forward specific outbound HTTP requests to a user-controlled proxy for logging, debugging, or transformation. This beta feature, available for Pro and Enterprise plans, also introduces "Matchers" for fine-grained control, allowing developers to scope forwarding to requests that meet specific path, method, or header criteria. The update provides enhanced security and observability for network traffic originating from Vercel Sandboxes.

Key Takeaways

* Request Proxying: Users can now configure a `forwardURL` on an allowed domain to route all matching HTTPS requests through their own proxy server.

* Contextual Headers: The proxy receives the original request's details (host, scheme, port) and a Vercel-issued OIDC token for authenticating the source team, project, or sandbox.

* Matchers for Granular Control: Developers can apply proxying or credential brokering only to requests that match specific criteria, such as HTTP method (`POST`), path (`/api/*`), or headers.

* Availability: The features are available in beta for customers on Pro and Enterprise plans.

* Implementation: Access requires installing the `@vercel/sandbox@beta` SDK.

Strategic Importance

This update provides enterprise-grade network control and observability, empowering developers to build more secure and compliant applications on Vercel's platform.

Original article