fix(redirects): move redirects for terms/privacy to client-side redirects

[waleedlatif1]

Summary

move redirects for terms/privacy to client-side redirects, because we were getting RSC CORS issues

Type of Change

• Bug fix

Testing

Tested manually.

Checklist

• Code follows project style guidelines
• Self-reviewed my changes
• Tests added/updated and passing
• No new warnings introduced
• I confirm that I have read and agree to the terms outlined in the Contributor License Agreement (CLA)

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
sim	Ready	Preview	Comment	Sep 22, 2025 9:56pm

1 Skipped Deployment

Project	Deployment	Preview	Comments	Updated (UTC)
docs	Skipped			Sep 22, 2025 9:56pm

[greptile-apps]

Greptile Summary

This PR addresses RSC (React Server Components) CORS issues by migrating redirect handling for the terms of service and privacy policy pages from server-side middleware to client-side React components. The changes maintain the existing whitelabel functionality where deployments can redirect users to external terms/privacy URLs via environment variables (NEXT_PUBLIC_TERMS_URL and NEXT_PUBLIC_PRIVACY_URL).

The core changes involve:

• Middleware Updates: Removed the server-side redirect logic from middleware.ts while preserving the route matcher configuration
• Client-Side Redirects: Added useEffect hooks to both /terms/page.tsx and /privacy/page.tsx that check for configured external URLs and redirect using window.location.href
• Security Policy Updates: Enhanced CSP configuration in csp.ts to allow connections to the redirect target domains
• Image Optimization: Added support for brand favicon URLs in Next.js image optimization configuration alongside existing logo URL support

The client-side approach resolves CORS complications that occurred when server-side redirects attempted to navigate to external domains in RSC environments. The fallback behavior remains unchanged - if no external URLs are configured, users see the default terms/privacy content. This solution preserves the whitelabel functionality while eliminating the technical issues that were blocking proper redirect behavior.

Confidence score: 4/5

• This PR addresses a specific technical issue with a well-understood solution that maintains existing functionality
• The changes follow established patterns in the codebase and include proper error handling and URL validation
• Minor attention needed on CSP configuration and middleware route matcher to ensure complete migration consistency

_{5 files reviewed, 4 comments}

_{Edit Code Review Bot Settings | Greptile}