add csp

2025-02-15 06:09:15 +01:00 · 2022-10-10 17:43:28 +02:00 · 2022-10-10 17:43:28 +02:00 · 555028f40b
commit 555028f40b
parent 99478da18e
3 changed files with 43 additions and 1 deletions
--- a/next.config.js
+++ b/next.config.js
@ -1,3 +1,39 @@
+const nextSafe = require("next-safe");
+
+module.exports = {
+  async headers() {
+    return [
+      {
+        source: "/:path*",
+        headers: nextSafe({
+          contentTypeOptions: "nosniff",
+          contentSecurityPolicy: {
+            "base-uri": "'none'",
+            "child-src": "'none'",
+            "connect-src": "'self'",
+            "default-src": "'self'",
+            "font-src": "'self'",
+            "frame-src": "'none'",
+            "img-src": "'self'",
+            "frame-ancestors": "'none'",
+            "manifest-src": "'self'",
+            "media-src": "'self'",
+            "object-src": "'none'",
+            "prefetch-src": "'self'",
+            "script-src": "'self'",
+            "style-src": "'self'",
+            "worker-src": "'self'",
+            "form-action": "'self'",
+            reportOnly: false,
+          },
+          referrerPolicy: "same-origin",
+          xssProtection: "1; mode=block",
+        }),
+      },
+    ];
+  },
+};
+
 /** @type {import('next').NextConfig} */
 const nextConfig = {
  reactStrictMode: true,