mirror of
https://github.com/StanGirard/quivr.git
synced 2024-11-24 05:55:13 +03:00
🚑 use security headers in prod environement only (#550)
parent
1c32eb54be
commit
11cb81f40d
@ -1,22 +1,26 @@
|
|||||||
const nextConfig = {
|
const nextConfig = {
|
||||||
// eslint-disable-next-line prefer-arrow/prefer-arrow-functions
|
// eslint-disable-next-line prefer-arrow/prefer-arrow-functions
|
||||||
async headers() {
|
async headers() {
|
||||||
return [
|
if (process.env.NEXT_PUBLIC_ENV === "prod") {
|
||||||
{
|
return [
|
||||||
source: "/(.*)",
|
{
|
||||||
headers: securityHeaders,
|
source: "/(.*)",
|
||||||
},
|
headers: securityHeaders,
|
||||||
];
|
},
|
||||||
|
];
|
||||||
|
} else {
|
||||||
|
return [];
|
||||||
|
}
|
||||||
},
|
},
|
||||||
};
|
};
|
||||||
//add check of if localhsot of not
|
|
||||||
const ContentSecurityPolicy = `
|
const ContentSecurityPolicy = `
|
||||||
default-src 'self' https://fonts.googleapis.com ${process.env.NEXT_PUBLIC_SUPABASE_URL} https://api.june.so http://localhost:3001/;
|
default-src 'self' https://fonts.googleapis.com ${process.env.NEXT_PUBLIC_SUPABASE_URL} https://api.june.so https://www.quivr.app/;
|
||||||
connect-src 'self' ${process.env.NEXT_PUBLIC_SUPABASE_URL} ${process.env.NEXT_PUBLIC_BACKEND_URL} https://api.june.so;
|
connect-src 'self' ${process.env.NEXT_PUBLIC_SUPABASE_URL} ${process.env.NEXT_PUBLIC_BACKEND_URL} https://api.june.so;
|
||||||
img-src 'self' data:;
|
img-src 'self' data:;
|
||||||
script-src 'unsafe-inline' 'unsafe-eval' https://va.vercel-scripts.com/ http://localhost:3001/;
|
script-src 'unsafe-inline' 'unsafe-eval' https://va.vercel-scripts.com/ https://www.quivr.app/;
|
||||||
frame-ancestors 'none';
|
frame-ancestors 'none';
|
||||||
style-src 'unsafe-inline' http://localhost:3001/;
|
style-src 'unsafe-inline' https://www.quivr.app/;
|
||||||
`;
|
`;
|
||||||
|
|
||||||
// Define headers
|
// Define headers
|
||||||
|
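Review bot: The new guard in `headers()` fails open: any deployment where `NEXT_PUBLIC_ENV` is unset or is anything other than the exact string `"prod"` (a staging or self-hosted instance, for example) falls into the `else` branch and returns `[]`, so it ships without the CSP, `frame-ancestors 'none'`, and whatever else `securityHeaders` contains. I would make the headers the default and let only a local dev run opt out, for example `if (process.env.NODE_ENV === "development") { return []; }` followed by the existing `return [...]`, with a comment above the branch saying why dev is exempt. The same change hard-codes `https://www.quivr.app/` into `default-src`, `script-src` and `style-src`, so a deployment on another origin that sets `NEXT_PUBLIC_ENV=prod` may block its own assets; deriving that origin from configuration would avoid this. Separately, `script-src` still carries `'unsafe-inline' 'unsafe-eval'`, which predates this commit but leaves the now production-only policy with little protection against script injection. The definition of `securityHeaders` is outside the visible hunk.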