Try to fix _next paths' headers

vanilladefi · Apr 15, 2021 · 9132e34 · 9132e34
1 parent 293823b
commit 9132e34
Showing 1 changed file with 29 additions and 23 deletions.
diff --git a/next.config.js b/next.config.js
@@ -13,6 +13,30 @@ const withMDX = require('@next/mdx')({
   },
 })
 
+const secureHeaders = [
+  {
+    key: 'X-Frame-Options',
+    value: 'DENY',
+  },
+  /*  {
+    key: 'Content-Security-Policy',
+    value:
+      "default-src 'self'; img-src 'self' data: https://assets.coingecko.com https://ipfs.io https://raw.githubusercontent.com https://render.githubusercontent.com https://media.giphy.com; media-src 'self' https://media.giphy.com; script-src 'self' 'unsafe-inline' https://plausible.io; font-src 'self'; style-src 'self' 'unsafe-inline'; prefetch-src https://vanilladefi.com *equilibriumco.vercel.app; connect-src 'self' wss://bridge.walletconnect.org https://api.thegraph.com wss://api.thegraph.com https://eth-mainnet.alchemyapi.io wss://eth-mainnet.alchemyapi.io https://plausible.io; frame-ancestors 'none'; base-uri 'none'; form-action 'none'; manifest-src 'self';",
+  }, */
+  {
+    key: 'X-XSS-Protection',
+    value: '1; mode=block',
+  },
+  {
+    key: 'X-Content-Type-Options',
+    value: 'nosniff',
+  },
+  {
+    key: 'Referrer-Policy',
+    value: 'strict-origin-when-cross-origin',
+  },
+]
+
 module.exports = withMDX({
   pageExtensions: ['js', 'jsx', 'ts', 'tsx', 'md', 'mdx'],
   i18n: {
@@ -27,29 +51,11 @@ module.exports = withMDX({
     return [
       {
         source: '/:path*{/}?',
-        headers: [
-          {
-            key: 'X-Frame-Options',
-            value: 'DENY',
-          },
-          /*  {
-            key: 'Content-Security-Policy',
-            value:
-              "default-src 'self'; img-src 'self' data: https://assets.coingecko.com https://ipfs.io https://raw.githubusercontent.com https://render.githubusercontent.com https://media.giphy.com; media-src 'self' https://media.giphy.com; script-src 'self' 'unsafe-inline' https://plausible.io; font-src 'self'; style-src 'self' 'unsafe-inline'; prefetch-src https://vanilladefi.com *equilibriumco.vercel.app; connect-src 'self' wss://bridge.walletconnect.org https://api.thegraph.com wss://api.thegraph.com https://eth-mainnet.alchemyapi.io wss://eth-mainnet.alchemyapi.io https://plausible.io; frame-ancestors 'none'; base-uri 'none'; form-action 'none'; manifest-src 'self';",
-          }, */
-          {
-            key: 'X-XSS-Protection',
-            value: '1; mode=block',
-          },
-          {
-            key: 'X-Content-Type-Options',
-            value: 'nosniff',
-          },
-          {
-            key: 'Referrer-Policy',
-            value: 'strict-origin-when-cross-origin',
-          },
-        ],
+        headers: secureHeaders,
+      },
+      {
+        source: '/_next*{/}?',
+        headers: secureHeaders,
       },
     ]
   },