This update focuses on making embed subscriptions safer and cleaning up how certain background errors are handled. It aligns the subscribe endpoint with the same security model already used by other embed components.
Stronger domain controls for embed subscriptions
The embed subscribe endpoint now respects each project's allowed_domains setting. Subscription requests are only accepted, and CORS headers are only returned, when the request comes from an approved origin.
If a request originates from a domain that is not allowed, preflight checks are rejected and the subscription call is blocked. This helps prevent unauthorized sites from using your embed subscription endpoint and keeps your project data safer.
Cleaner handling of asset compilation errors
Broken pipe errors that occur during asset compilation are now ignored in error tracking. These errors are expected in this context and no longer clutter monitoring with noise.