feat: security headers

2023-09-18 20:13:46 -05:00
parent 7d4bb09170
commit 95a40400af
1 changed files with 34 additions and 0 deletions
--- a/apps/marketing/next.config.js
+++ b/apps/marketing/next.config.js
@ -18,6 +18,40 @@ const config = {
      transform: 'lucide-react/dist/esm/icons/{{ kebabCase member }}',
    },
  },
+  async headers() {
+    return [
+      {
+        source: '/:path*',
+        headers: [
+          {
+            key: 'x-dns-prefetch-control',
+            value: 'on',
+          },
+          {
+            key: 'strict-transport-security',
+            value: 'max-age=31536000; includeSubDomains; preload',
+          },
+          {
+            key: 'x-frame-options',
+            value: 'SAMEORIGIN',
+          },
+          {
+            key: 'x-content-type-options',
+            value: 'nosniff',
+          },
+          {
+            key: 'referrer-policy',
+            value: 'strict-origin-when-cross-origin',
+          },
+          {
+            key: 'permissions-policy',
+            value:
+              'accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()',
+          },
+        ],
+      },
+    ];
+  },
 };

 module.exports = withContentlayer(config);