adds next-secure-headers

ente-io · Nov 30, 2021 · ce22b0f · ce22b0f
1 parent 24fcbb3
commit ce22b0f
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 3 deletions.
diff --git a/next.config.js b/next.config.js
@@ -11,8 +11,9 @@ const gitSha = cp.execSync('git rev-parse --short HEAD', {
     encoding: 'utf8',
 });
 
-// eslint-disable-next-line camelcase
-const COOP_COEP_Headers = [
+const { createSecureHeaders } = require('next-secure-headers');
+
+const COOP_COEP_HEADERS = [
     {
         key: 'Cross-Origin-Opener-Policy',
         value: 'same-origin',
@@ -40,7 +41,20 @@ module.exports = withSentryConfig(
                     {
                         // Apply these headers to all routes in your application....
                         source: '/(.*)',
-                        headers: COOP_COEP_Headers,
+                        headers: [
+                            ...COOP_COEP_HEADERS,
+                            ...createSecureHeaders({
+                                contentSecurityPolicy: {
+                                    directives: {
+                                        defaultSrc: 'self',
+                                        frameAncestors: 'self',
+                                        objectSrc: 'self',
+                                        baseURI: 'self',
+                                        formAction: 'self',
+                                    },
+                                },
+                            }),
+                        ],
                     },
                 ];
             },

diff --git a/package.json b/package.json
@@ -85,6 +85,7 @@
     "eslint-plugin-react": "^7.23.2",
     "husky": "^7.0.1",
     "lint-staged": "^11.1.2",
+    "next-secure-headers": "^2.2.0",
     "prettier": "2.3.2",
     "typescript": "^4.1.3"
   },

diff --git a/yarn.lock b/yarn.lock
@@ -4613,6 +4613,11 @@ [email protected]:
   resolved "https://registry.npmjs.org/negotiator/-/negotiator-0.6.2.tgz"
   integrity sha512-hZXc7K2e+PgeI1eDBe/10Ard4ekbfrrqG8Ep+8Jmf4JID2bNg7NvCPOZN+kfF574pFQI7mum2AUqDidoKqcTOw==
 
+next-secure-headers@^2.2.0:
+  version "2.2.0"
+  resolved "https://registry.yarnpkg.com/next-secure-headers/-/next-secure-headers-2.2.0.tgz#d4eb1b00a424f811c1455d1288990a4aad3026af"
+  integrity sha512-C7OfZ9JdSJyYMz2ZBMI/WwNbt0qNjlFWX9afUp8nEUzbz6ez3JbeopdyxSZJZJAzVLIAfyk6n73rFpd4e22jRg==
+
 next@^11.1.2:
   version "11.1.2"
   resolved "https://registry.npmjs.org/next/-/next-11.1.2.tgz"