bigcommerce · adambilsing · Sep 5, 2024
@@ -9,17 +9,38 @@ const csrfProtect = csrf({
 });
 
 export async function middleware(request: NextRequest) {
-    const response = NextResponse.next();
+    const cspHeader = `
+        frame-ancestors: 'https://store-*.mybigcommerce.com' 
+        'https://store-*.my-integration.zone' 
+        'https://store-*.my-staging.zone';
+    `;
+    const contentSecurityPolicyHeaderValue = cspHeader
+    .replace(/\s{2,}/g, ' ')
+    .trim();
+
+    const requestHeaders = new Headers(request.headers);
+
+    requestHeaders.set(
+        'Content-Security-Policy',
+        contentSecurityPolicyHeaderValue
+    );
+
+    const response = NextResponse.next({
+        request: {
+            headers: requestHeaders,
+        },
+    });
 
     const csrfError = await csrfProtect(request, response);
 
     if (csrfError) {
         return new NextResponse('invalid csrf token', { status: 403 });
     }
 
-    return response;
-}
-
-export const config = {
-    matcher: ['/productDescription/:productId*', '/api/generateDescription'],
-}
+    response.headers.set(
+        'Content-Security-Policy',
+        contentSecurityPolicyHeaderValue
+    );
+
+    return response
+}