sosokker/B2D-Ventures
1
0
Fork 0
mirror of https://github.com/Sosokker/B2D-Ventures.git synced 2025-12-18 21:44:06 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

feat: set secure header

Browse Source
This commit is contained in:
Sosokker 2024-12-16 09:49:57 +07:00
parent 48a8a9c0d5
commit f02928a332
1 changed files with 51 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
next.config.mjs
View File

@ -1,4 +1,4 @@
const SUPABASE_URL = process.env.NEXT_PUBLIC_SUPABASE_URL_SOURCE;
const SUPABASE_URL = new URL(`https://${process.env.NEXT_PUBLIC_SUPABASE_URL_SOURCE}`).hostname;
const nextConfig = {
reactStrictMode: true,
@ -38,5 +38,55 @@ const nextConfig = {
},
],
},
async headers() {
return [
{
source: "/:path*",
headers: [
{
key: "X-Content-Type-Options",
value: "nosniff",
},
{
key: "X-XSS-Protection",
value: "1; mode=block",
},
{
key: "X-Frame-Options",
value: "DENY",
},
{
key: "Referrer-Policy",
value: "strict-origin-when-cross-origin",
},
{
key: "Strict-Transport-Security",
value: "max-age=63072000; includeSubDomains; preload",
},
{
key: "Permissions-Policy",
value: "geolocation=(), microphone=(), camera=()",
},
{
key: "Content-Security-Policy",
value: `
default-src 'self';
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://apis.google.com;
style-src 'self' 'unsafe-inline' fonts.googleapis.com;
img-src 'self' data: https://${SUPABASE_URL} https://upload.wikimedia.org https://avatars.githubusercontent.com https://assets.republic.com https://media.licdn.com;
font-src 'self' fonts.gstatic.com;
connect-src 'self' https://${SUPABASE_URL};
frame-ancestors 'none';
object-src 'none';
`
.replace(/\s{2,}/g, " ")
.trim(),
},
],
},
];
},
};
export default nextConfig;