Files
webshop/shop/next.config.ts
DanielS f44cf1a5f6
All checks were successful
Staging Build / build (push) Successful in 2m36s
sec: Add HTTP security headers and disable X-Powered-By header based on ZAP report
2026-06-25 15:49:40 +02:00

35 lines
1005 B
TypeScript

import type { NextConfig } from "next";
const nextConfig: NextConfig = {
output: "standalone",
cacheComponents: false,
poweredByHeader: false,
async headers() {
return [
{
source: '/:path*',
headers: [
{
key: 'X-Frame-Options',
value: 'SAMEORIGIN',
},
{
key: 'X-Content-Type-Options',
value: 'nosniff',
},
{
key: 'Strict-Transport-Security',
value: 'max-age=31536000; includeSubDomains; preload',
},
{
key: 'Content-Security-Policy',
value: "default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' blob: data:; font-src 'self' data:; connect-src 'self' https://*.supabase.co wss://*.supabase.co https://*.supabase.net wss://*.supabase.net; frame-ancestors 'self';",
},
],
},
];
},
};
export default nextConfig;