feat: added security headers

2025-02-07 14:18:14 +02:00 · 2021-04-13 10:50:40 +02:00 · 2021-04-13 10:50:40 +02:00 · 52f4bee990
commit 52f4bee990
parent b5406cfe25
1 changed files with 34 additions and 0 deletions
--- a/apps/blueprints/next.config.js
+++ b/apps/blueprints/next.config.js
@ -22,4 +22,38 @@ module.exports = {

    return config;
  },
+  async headers() {
+    return [
+      {
+        source: "/(.*)",
+        headers: [
+          {
+            key: "Permissions-Policy",
+            value: "interest-cohort=()",
+          },
+          {
+            key: "Referrer-Policy",
+            value: "no-referrer",
+          },
+          {
+            key: "Strict-Transport-Security",
+            value: "max-age=31536000; includeSubDomains",
+          },
+          {
+            key: "Content-Security-Policy",
+            value:
+              "script-src 'self' https://storage.googleapis.com/factorio-blueprints-assets https://static.cloudflareinsights.com ;",
+          },
+          {
+            key: "X-Frame-Options",
+            value: "SAMEORIGIN",
+          },
+          {
+            key: "X-Content-Type-Options",
+            value: "nosniff",
+          },
+        ],
+      },
+    ];
+  },
 };