@@ -4,11 +4,37 @@ import withPWA from 'next-pwa';
44const withPWANext = withPWA ( {
55 dest : 'public' ,
66 register : true ,
7- skipWaiting : true
7+ skipWaiting : true ,
88} ) ;
99
10- const nextConfig : NextConfig = { } ;
11-
12- export default withPWANext ( nextConfig ) ;
10+ const securityHeaders = ( ) : { key : string ; value : string } [ ] => {
11+ const csp = [
12+ "default-src 'self'" ,
13+ "script-src 'self' 'unsafe-inline' 'unsafe-eval'" ,
14+ "style-src 'self' 'unsafe-inline'" ,
15+ "img-src 'self' data:" ,
16+ "font-src 'self' data:" ,
17+ "connect-src 'self' https://api.todoist.com" ,
18+ "frame-ancestors 'none'" ,
19+ ] . join ( '; ' ) ;
20+ return [
21+ { key : 'Content-Security-Policy' , value : csp } ,
22+ { key : 'Referrer-Policy' , value : 'no-referrer' } ,
23+ { key : 'X-Content-Type-Options' , value : 'nosniff' } ,
24+ { key : 'X-Frame-Options' , value : 'DENY' } ,
25+ { key : 'Permissions-Policy' , value : 'camera=(), microphone=(), geolocation=()' } ,
26+ ] ;
27+ } ;
1328
29+ const nextConfig : NextConfig = {
30+ async headers ( ) {
31+ return [
32+ {
33+ source : '/:path*' ,
34+ headers : securityHeaders ( ) ,
35+ } ,
36+ ] ;
37+ } ,
38+ } ;
1439
40+ export default withPWANext ( nextConfig ) ;
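Review bot: The `"script-src 'self' 'unsafe-inline' 'unsafe-eval'"` entry in the `csp` array leaves the policy with little value against script injection, because injected inline scripts and `eval`-style execution stay permitted on every route matched by `/:path*`. `'unsafe-eval'` is normally needed only by the Next.js development server, so it could be limited to development with `const isDev = process.env.NODE_ENV !== 'production';` and `"script-src 'self' 'unsafe-inline'" + (isDev ? " 'unsafe-eval'" : '')`; confirm with a production build that nothing in the app depends on it. Dropping `'unsafe-inline'` as well would need per-request nonces, which this static `headers()` config cannot supply, so a comment above `csp` should record that as a known gap. `base-uri` and `form-action` do not fall back to `default-src`, so adding `"base-uri 'self'"` and `"form-action 'self'"` to the array would cover the two directives the policy currently leaves open.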