StanGirard/quivr
1
1
Fork 0
mirror of https://github.com/StanGirard/quivr.git synced 2024-11-24 05:55:13 +03:00
Code Issues Packages Projects Releases Wiki Activity

🚑 use security headers in prod environement only (#550)

Browse Source
This commit is contained in:
Zineb El Bachiri 2023-07-07 10:40:57 +02:00 committed by GitHub
parent 1c32eb54be
commit 11cb81f40d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 14 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
frontend/next.config.js
View File

@ -1,22 +1,26 @@
const nextConfig = {
// eslint-disable-next-line prefer-arrow/prefer-arrow-functions
async headers() {
return [
{
source: "/(.*)",
headers: securityHeaders,
},
];
if (process.env.NEXT_PUBLIC_ENV === "prod") {
return [
{
source: "/(.*)",
headers: securityHeaders,
},
];
} else {
return [];
}
},
};
//add check of if localhsot of not
const ContentSecurityPolicy = `
default-src 'self' https://fonts.googleapis.com ${process.env.NEXT_PUBLIC_SUPABASE_URL} https://api.june.so http://localhost:3001/;
default-src 'self' https://fonts.googleapis.com ${process.env.NEXT_PUBLIC_SUPABASE_URL} https://api.june.so https://www.quivr.app/;
connect-src 'self' ${process.env.NEXT_PUBLIC_SUPABASE_URL} ${process.env.NEXT_PUBLIC_BACKEND_URL} https://api.june.so;
img-src 'self' data:;
script-src 'unsafe-inline' 'unsafe-eval' https://va.vercel-scripts.com/ http://localhost:3001/;
script-src 'unsafe-inline' 'unsafe-eval' https://va.vercel-scripts.com/ https://www.quivr.app/;
frame-ancestors 'none';
style-src 'unsafe-inline' http://localhost:3001/;
style-src 'unsafe-inline' https://www.quivr.app/;
`;
// Define headers