Next.js 15 security headers — a strict static baseline for `next.config.ts` (note: the CSP below still permits `'unsafe-inline'` and any `https:` script host, so it is not a substitute for a nonce-based CSP)
import type { NextConfig } from 'next';
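// Whether we are running the development server. Several headers are
// deliberately relaxed in development and strict in every other environment
// (production, test, CI), so the strict variant is the default.
const isDevelopment = process.env.NODE_ENV === 'development';

/**
 * Content-Security-Policy directives. Each entry already carries its own
 * trailing `;`, so they are joined with a single space.
 *
 * NOTE(review): there is no `default-src`, so directives that are not listed
 * here (connect-src, frame-src, media-src, manifest-src, child-src, ...)
 * fall back to "allow everything". Add `default-src 'self'` once every
 * third-party endpoint the app talks to is known and can be allow-listed.
 *
 * NOTE(review): `script-src` still allows `https:` (any host) and
 * `'unsafe-inline'`, so this policy does not stop script injection; its main
 * effect is to forbid non-https script loads and (via `script-src-attr
 * 'none'`) inline event handlers. Next.js's recommended production CSP is
 * nonce-based (`'nonce-...' 'strict-dynamic'`) and has to be set per
 * request from middleware; a static next.config header cannot express it.
 */
const contentSecurityPolicy = [
  "base-uri 'none';",
  "font-src 'self' https: data:;",
  // Restricts where forms may POST. Caveat: Chromium also applies this to
  // redirects following a form submission, which can break OAuth-style
  // flows that bounce to an identity provider.
  "form-action 'self';",
  // Supersedes X-Frame-Options in every current browser.
  "frame-ancestors 'self';",
  "img-src 'self' data: blob:;",
  "object-src 'none';",
  // 'unsafe-eval' is only required by the development bundle (HMR / eval
  // source maps). Production builds run without it; if a dependency truly
  // needs `eval`/`new Function`, re-add it here deliberately instead of
  // relaxing the whole policy.
  `script-src 'self' https: 'unsafe-inline'${isDevelopment ? " 'unsafe-eval'" : ''};`,
  "script-src-attr 'none';",
  "style-src 'self' https: 'unsafe-inline';",
  'upgrade-insecure-requests;',
  "worker-src 'self' blob:;",
].join(' ');

/**
 * Next.js configuration with hardening headers applied to every route
 * (`/:path*` matches the root as well). `poweredByHeader: false` removes the
 * `X-Powered-By: Next.js` fingerprint.
 */
const nextConfig: NextConfig = {
  // ...
  poweredByHeader: false,
  headers: async () => [
    {
      source: '/:path*',
      headers: [
        {
          key: 'Content-Security-Policy',
          value: contentSecurityPolicy,
        },
        {
          // `credentialless` gives cross-origin isolation without requiring
          // CORP/CORS on every embedded resource; it is relaxed in development
          // (presumably for the dev tooling — the original config made the
          // same distinction).
          key: 'Cross-Origin-Embedder-Policy',
          value: isDevelopment ? 'unsafe-none' : 'credentialless',
        },
        {
          // Severs the opener relationship with cross-origin windows.
          key: 'Cross-Origin-Opener-Policy',
          value: 'same-origin',
        },
        {
          // Caveat: because this applies to `/:path*`, other origins cannot
          // load this site's images, fonts or scripts as subresources either.
          key: 'Cross-Origin-Resource-Policy',
          value: 'same-origin',
        },
        {
          key: 'Origin-Agent-Cluster',
          value: '?1',
        },
        {
          // Empty allow-lists disable the feature for every origin, including
          // this one (e.g. no same-origin fullscreen).
          key: 'Permissions-Policy',
          value: 'camera=(), display-capture=(), fullscreen=(), geolocation=(), microphone=()',
        },
        {
          key: 'Referrer-Policy',
          value: 'no-referrer',
        },
        {
          // One year, subdomains included. `preload` is intentionally absent:
          // it is a long-term commitment that every subdomain serves https.
          // Browsers ignore HSTS received over plain http, so this is harmless
          // on the dev server.
          key: 'Strict-Transport-Security',
          value: 'max-age=31536000; includeSubDomains',
        },
        {
          key: 'X-Content-Type-Options',
          value: 'nosniff',
        },
        {
          // Legacy Internet Explorer directive; harmless elsewhere.
          key: 'X-Download-Options',
          value: 'noopen',
        },
        // Replaced by the Content-Security-Policy `frame-ancestors` directive.
        // Only very old browsers without CSP support would still honour it.
        // {
        //   key: 'X-Frame-Options',
        //   value: 'SAMEORIGIN',
        // },
        {
          key: 'X-Permitted-Cross-Domain-Policies',
          value: 'none',
        },
        {
          // `0` disables the legacy XSS auditor, which was itself exploitable;
          // CSP is the replacement.
          key: 'X-XSS-Protection',
          value: '0',
        },
      ],
    },
  ],
};

export default nextConfig;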