mirror of
https://github.com/prowler-cloud/prowler.git
synced 2026-07-17 17:41:50 +00:00
41 lines
1.1 KiB
JavaScript
41 lines
1.1 KiB
JavaScript
/** @type {import('next').NextConfig} */
|
|
|
|
// HTTP Security Headers
|
|
// 'unsafe-eval' is configured under `script-src` because it is required by NextJS for development mode
|
|
const cspHeader = `
|
|
img-src 'self';
|
|
font-src 'self';
|
|
style-src 'self' 'unsafe-inline';
|
|
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.stripe.com;
|
|
connect-src 'self' https://api.iconify.design https://api.simplesvg.com https://api.unisvg.com https://js.stripe.com;
|
|
frame-src 'self' https://js.stripe.com/;
|
|
frame-ancestors 'none';
|
|
default-src 'self'
|
|
`
|
|
|
|
module.exports = {
|
|
poweredByHeader: false,
|
|
output: "standalone",
|
|
async headers() {
|
|
return [
|
|
{
|
|
source: '/(.*)',
|
|
headers: [
|
|
{
|
|
key: 'Content-Security-Policy',
|
|
value: cspHeader.replace(/\n/g, ''),
|
|
},
|
|
{
|
|
key: 'X-Content-Type-Options',
|
|
value: 'nosniff',
|
|
},
|
|
{
|
|
key: 'Referrer-Policy',
|
|
value: 'strict-origin-when-cross-origin',
|
|
},
|
|
],
|
|
},
|
|
]
|
|
}
|
|
};
|