chore: add security header (#1102) · openstatus.dev/openstatus@4d36736

openstatus.dev / openstatus

fork atom

Openstatus www.openstatus.dev

fork atom

chore: add security header (#1102)

authored by

Maximilian Kaske and committed by

GitHub 1 year ago 4d367368 399d7911

+11

1 changed file

expand all

apps

web

next.config.js

+11

apps/web/next.config.js

··· 1 1 const { withContentCollections } = require("@content-collections/next"); 2 2 const { withSentryConfig } = require("@sentry/nextjs"); 3 3 4 + // REMINDER: avoid Clickjacking attacks by setting the X-Frame-Options header 5 + const securityHeaders = [ 6 + { 7 + key: "X-Frame-Options", 8 + value: "SAMEORIGIN", 9 + }, 10 + ]; 11 + 4 12 /** @type {import('next').NextConfig} */ 5 13 const nextConfig = { 6 14 reactStrictMode: true, ··· 52 60 hostname: "www.openstatus.dev", 53 61 }, 54 62 ], 63 + }, 64 + async headers() { 65 + return [{ source: "/(.*)", headers: securityHeaders }]; 55 66 }, 56 67 }; 57 68