Move security headers away from nginx

potatoepotato · Feb 26, 2021 · a4713ef · a4713ef
1 parent 423fa8f
commit a4713ef
Showing 1 changed file with 20 additions and 0 deletions.
diff --git a/next.config.js b/next.config.js
@@ -33,6 +33,26 @@ const config = {
         permanent: false,
       },
     ]),
+  headers: async () =>
+    Promise.resolve([
+      {
+        source: "/(.*)",
+        headers: [
+          {
+            key: "Content-Security-Policy",
+            value: "upgrade-insecure-requests; frame-ancestors 'none';",
+          },
+          {
+            key: "Referrer-Policy",
+            value: "strict-origin-when-cross-origin",
+          },
+          {
+            key: "X-Content-Type-Options",
+            value: "nosniff",
+          },
+        ],
+      },
+    ]),
 }
 
 const withBundleAnalyzer = require("@next/bundle-analyzer")({