can now connect to hosted Postgres databases, including , , , , and . To enable a connection, add the database host to your Sandbox's allowed domains.Vercel SandboxNeonSupabaseAWS RDSNilePrisma Postgres When is used with Vercel Sandbox, the sandbox firewall restricts outbound network access by checking the domain name during a connection's TLS handshake. This works seamlessly for HTTPS traffic, where the domain is visible at the start of the connection.SNI based filtering Postgres, however, negotiates TLS differently. A Postgres client first opens a plain TCP connection and upgrades to TLS. Because the domain isn't available when the firewall first needs it, Postgres connections through a standard domain-restricted Sandbox would fail.then The Sandbox firewall now adjusts for the Postgres TLS negotiation flow.

It detects the protocol's startup sequence, waits for the TLS upgrade, and then applies your domain policy before forwarding the connection to the database. No changes are needed to your code or database configuration. Here's a full example: create a Sandbox, install a Postgres client, lock down the network to only the database host, and run a query. Learn more about the…