From 0eecb9a23ba96c773a79f9c0df72ccc87847d5ac Mon Sep 17 00:00:00 2001
From: austinkelsay
Date: Tue, 1 Oct 2024 18:00:59 -0500
Subject: [PATCH] Add security headers
---
 next.config.js | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)
diff --git a/next.config.js b/next.config.js
index 6035b48..01c9a69 100644
--- a/next.config.js
+++ b/next.config.js
@@ -31,7 +31,7 @@ module.exports = removeImports({
 headers: [
 {
 key: "Access-Control-Allow-Origin",
- value: "https://plebdevs-three.vercel.app", // Set your origin
+ value: process.env.BACKEND_URL
 },
 {
 key: "Access-Control-Allow-Methods",
@@ -41,6 +41,26 @@ module.exports = removeImports({
 key: "Access-Control-Allow-Headers",
 value: "Content-Type, Authorization",
 },
+ {
+ key: "X-Frame-Options",
+ value: "DENY",
+ },
+ {
+ key: "X-Content-Type-Options",
+ value: "nosniff",
+ },
+ {
+ key: "Referrer-Policy",
+ value: "strict-origin-when-cross-origin",
+ },
+ {
+ key: "Content-Security-Policy",
+ value: "default-src 'self'; frame-ancestors 'none';",
+ },
+ {
+ key: "Strict-Transport-Security",
+ value: "max-age=31536000; includeSubDomains; preload"
+ },
 ],
 },
 ];
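Review bot: `process.env.BACKEND_URL` in the `Access-Control-Allow-Origin` entry is used unchecked, so a build without that variable gets an undefined header value, and a value carrying a trailing slash or a path will never equal the `Origin` header a browser sends. Because next.config.js is read when the app is built or started, I would fail fast and normalise above `module.exports`: `const allowedOrigin = new URL(process.env.BACKEND_URL).origin;`, then `value: allowedOrigin,`. The variable name also deserves a comment, since this header names the origin that is allowed to call the routes, which is usually the front-end rather than a backend. The enclosing headers rule starts and ends outside the hunk.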
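Review bot: The `Content-Security-Policy` value `default-src 'self'; frame-ancestors 'none';` is strict enough that it may block inline scripts and styles, third-party images and any cross-origin fetch or WebSocket connection the pages make, and nothing in this commit shows it was exercised against the running app. I would ship it first as `key: "Content-Security-Policy-Report-Only",` and switch to the enforcing header once the violation reports are clean. These entries are appended to the same rule as the CORS headers, whose `source` pattern is outside the hunk; if that pattern matches only API routes, the HTML pages receive none of the new headers, so confirm it covers them. In the HSTS value, `preload` together with `includeSubDomains` is hard to roll back once the domain is on a preload list, so I would leave `preload` out until every subdomain is confirmed HTTPS-only.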