Add security headers

2025-06-06 09:12:05 +00:00 · 2024-10-01 18:00:59 -05:00 · 2024-10-01 18:00:59 -05:00 · 0eecb9a23b
commit 0eecb9a23b
parent a8c9ab7f68
1 changed files with 21 additions and 1 deletions
--- a/next.config.js
+++ b/next.config.js
@ -31,7 +31,7 @@ module.exports = removeImports({
        headers: [
          {
            key: "Access-Control-Allow-Origin",
-            value: "https://plebdevs-three.vercel.app", // Set your origin
+            value: process.env.BACKEND_URL
          },
          {
            key: "Access-Control-Allow-Methods",
@ -41,6 +41,26 @@ module.exports = removeImports({
            key: "Access-Control-Allow-Headers",
            value: "Content-Type, Authorization",
          },
+          {
+            key: "X-Frame-Options",
+            value: "DENY",
+          },
+          {
+            key: "X-Content-Type-Options",
+            value: "nosniff",
+          },
+          {
+            key: "Referrer-Policy",
+            value: "strict-origin-when-cross-origin",
+          },
+          {
+            key: "Content-Security-Policy",
+            value: "default-src 'self'; frame-ancestors 'none';",
+          },
+          {
+            key: "Strict-Transport-Security",
+            value: "max-age=31536000; includeSubDomains; preload"
+          },
        ],
      },
    ];