sec: Add form-action to CSP and remove duplicate HSTS header based on ZAP report
All checks were successful
Staging Build / build (push) Successful in 2m37s
All checks were successful
Staging Build / build (push) Successful in 2m37s
This commit is contained in:
1
.gitignore
vendored
1
.gitignore
vendored
@@ -2,3 +2,4 @@ example_data/
|
|||||||
shop/Leitfaden
|
shop/Leitfaden
|
||||||
.gitignore
|
.gitignore
|
||||||
db-access.txt
|
db-access.txt
|
||||||
|
2026-06-25-ZAP-Report-.json
|
||||||
|
|||||||
@@ -17,13 +17,9 @@ const nextConfig: NextConfig = {
|
|||||||
key: 'X-Content-Type-Options',
|
key: 'X-Content-Type-Options',
|
||||||
value: 'nosniff',
|
value: 'nosniff',
|
||||||
},
|
},
|
||||||
{
|
|
||||||
key: 'Strict-Transport-Security',
|
|
||||||
value: 'max-age=31536000; includeSubDomains; preload',
|
|
||||||
},
|
|
||||||
{
|
{
|
||||||
key: 'Content-Security-Policy',
|
key: 'Content-Security-Policy',
|
||||||
value: "default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' blob: data:; font-src 'self' data:; connect-src 'self' https://*.supabase.co wss://*.supabase.co https://*.supabase.net wss://*.supabase.net; frame-ancestors 'self';",
|
value: "default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' blob: data:; font-src 'self' data:; connect-src 'self' https://*.supabase.co wss://*.supabase.co https://*.supabase.net wss://*.supabase.net; frame-ancestors 'self'; form-action 'self';",
|
||||||
},
|
},
|
||||||
],
|
],
|
||||||
},
|
},
|
||||||
|
|||||||
Reference in New Issue
Block a user