feat: add security headers

AlanMorel · Dec 11, 2023 · 65b4427 · 65b4427
1 parent 495c85f
commit 65b4427
Showing 1 changed file with 35 additions and 0 deletions.
diff --git a/next.config.js b/next.config.js
@@ -1,5 +1,11 @@
 import fs from "fs";
 
+const safeStylesheet = [].join(" ");
+
+const safeScripts = ["*.googletagmanager.com"].join(" ");
+
+const contentSecurityPolicy = `style-src 'self' 'unsafe-eval' 'unsafe-inline' ${safeStylesheet}; script-src 'self' ${safeScripts} 'unsafe-eval' 'unsafe-inline';`;
+
 export function redirects() {
     try {
         const redirectsFile = fs.readFileSync("./src/redirects.json", "utf8");
@@ -17,6 +23,35 @@ const config = {
     },
     async redirects() {
         return redirects();
+    },
+    async headers() {
+        return [
+            {
+                source: "/(.*)",
+                headers: [
+                    {
+                        key: "X-Frame-Options",
+                        value: "DENY"
+                    },
+                    {
+                        key: "Content-Security-Policy",
+                        value: contentSecurityPolicy
+                    },
+                    {
+                        key: "X-Content-Type-Options",
+                        value: "nosniff"
+                    },
+                    {
+                        key: "Permissions-Policy",
+                        value: "camera=(), battery=(self), geolocation=(), microphone=()"
+                    },
+                    {
+                        key: "Referrer-Policy",
+                        value: "origin-when-cross-origin"
+                    }
+                ]
+            }
+        ];
     }
 };