Add nextjs security headers (#749)
daryllimyt authored Jan 14, 2025
1 parent 34234e6 commit d58e4f0
Showing 1 changed file with 58 additions and 4 deletions.
62 changes: 58 additions & 4 deletions frontend/next.config.mjs
Expand Up @@ -5,13 +5,67 @@ const nextConfig = {
output: "standalone", // Ensure standalone output for production
generateBuildId: async () => {
// Return a unique identifier for each build.
return Date.now().toString();
return Date.now().toString()
},
};
headers: async () => {
return [
{
// Apply these headers to all routes
source: "/:path*",
headers: [
{
key: "Strict-Transport-Security",
value: "max-age=7776000; includeSubDomains",
},
{
key: "X-Content-Type-Options",
value: "nosniff",
},
{
key: "X-Frame-Options",
value: "DENY",
},
{
key: "Referrer-Policy",
value: "strict-origin-when-cross-origin",
},
{
key: "Permissions-Policy",
value: "document-domain=()",
},
{
key: "Content-Security-Policy",
value: process.env.POSTHOG_KEY
? [
"connect-src 'self' https://*.posthog.com",
"default-src 'self'",
"worker-src 'self' blob:",
"frame-ancestors 'none'",
"img-src 'self' data:",
"object-src 'none'",
"script-src 'self' 'unsafe-inline' https://*.posthog.com",
"style-src 'self' 'unsafe-inline'",
].join("; ")
: [
"connect-src 'self'",
"default-src 'self'",
"worker-src 'self' blob:",
"frame-ancestors 'none'",
"img-src 'self' data:",
"object-src 'none'",
"script-src 'self' 'unsafe-inline'",
"style-src 'self' 'unsafe-inline'",
].join("; "),
},
],
},
]
},
}

// Override settings for non-production environments
if (process.env.NODE_ENV !== "production") {
nextConfig.reactStrictMode = false;
nextConfig.reactStrictMode = false
}

export default nextConfig;
export default nextConfig
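Review bot: The new `script-src 'self' 'unsafe-inline'` in both CSP branches lets any injected inline script execute, so this policy does not mitigate reflected or stored XSS on these routes; if the inline scripts are Next.js's own hydration scripts, the per-request nonce approach Next.js documents for CSP (middleware generates a nonce and forwards the policy on the request) would allow `'unsafe-inline'` to be dropped, and a `// TODO` noting that intent would keep the tradeoff visible. The policy also sets no `base-uri` directive, so an injected `<base>` element could rebase relative script URLs to another origin; `base-uri 'self'` is a safe addition that does not depend on the PostHog branch. Separately, the two branches duplicate seven directives and differ only in the PostHog origin on `connect-src` and `script-src`, so building one list and appending the origin conditionally would prevent the two copies from drifting apart. The `nextConfig` object literal starts before this hunk.
```javascript
headers: async () => {
  const posthogOrigin = process.env.POSTHOG_KEY ? " https://*.posthog.com" : ""
  const csp = [
    `connect-src 'self'${posthogOrigin}`,
    "default-src 'self'",
    "base-uri 'self'",
    "worker-src 'self' blob:",
    "frame-ancestors 'none'",
    "img-src 'self' data:",
    "object-src 'none'",
    // TODO: replace 'unsafe-inline' with a per-request nonce once middleware supplies one
    `script-src 'self' 'unsafe-inline'${posthogOrigin}`,
    "style-src 'self' 'unsafe-inline'",
  ].join("; ")
  // … unchanged: route source and the other header entries …
  { key: "Content-Security-Policy", value: csp },
```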
