jake/hoot
1
Fork 0
mirror of https://github.com/jakejarvis/hoot.git synced 2025-10-18 20:14:25 -04:00
Code Issues Activity

Add Content Security Policy headers for production environment

Browse Source
This commit is contained in:
Jake Jarvis
2025-10-09 11:56:32 -04:00
parent 74503e867a
commit ce128763bc
1 changed files with 42 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
next.config.ts
View File

@@ -35,6 +35,48 @@ const nextConfig: NextConfig = {
},
];
},
headers: async () => {
return process.env.VERCEL_ENV === "production"
? [
{
source: "/:path*",
headers: [
{
key: "Content-Security-Policy-Report-Only",
value: `
default-src 'self';
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.posthog.com https://vercel.live https://vitals.vercel-insights.com;
style-src 'self' 'unsafe-inline' https://vercel.live;
img-src 'self' https://f2zros4g9k.ufs.sh https://vercel.live https://vercel.com data: blob:;
font-src 'self' https://vercel.live https://assets.vercel.com;
object-src 'none';
connect-src 'self' https://*.posthog.com https://*.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com https://vercel.live https://vitals.vercel-insights.com https://*.pusher.com wss://*.pusher.com;
worker-src 'self' data: blob:;
child-src 'self' blob:;
frame-src 'self' https://vercel.live;
frame-ancestors 'none';
form-action 'self';
base-uri 'self';
${
process.env.NEXT_PUBLIC_POSTHOG_KEY
? `report-uri https://us.i.posthog.com/report/?token=${process.env.NEXT_PUBLIC_POSTHOG_KEY}; report-to posthog`
: ""
}
`
.replace(/\s{2,}/g, " ")
.trim(),
},
{
key: "Reporting-Endpoints",
value: process.env.NEXT_PUBLIC_POSTHOG_KEY
? `posthog="https://us.i.posthog.com/report/?token=${process.env.NEXT_PUBLIC_POSTHOG_KEY}"`
: "",
},
],
},
]
: [];
},
skipTrailingSlashRedirect: true,
};