-
Notifications
You must be signed in to change notification settings - Fork 43
Expand file tree
/
Copy pathnext.config.ts
More file actions
32 lines (28 loc) · 1.43 KB
/
next.config.ts
File metadata and controls
32 lines (28 loc) · 1.43 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
import type { NextConfig } from 'next'
import createNextIntlPlugin from 'next-intl/plugin'
import { createSecureHeaders } from 'next-secure-headers'
const nextConfig: NextConfig = {
reactCompiler: true,
/**
* Security Headers Configuration:
* - Uses the `createSecureHeaders()` function from the `next-secure-headers` package
* to apply security-related HTTP headers to all routes.
* - `source: '/(.*)'` matches all route paths.
* - The default `createSecureHeaders()` settings apply multiple important headers, including:
* 1. Content-Security-Policy: Restricts the sources of content to mitigate XSS attacks.
* 2. X-Frame-Options: Prevents the site from being embedded in iframes to avoid clickjacking.
* 3. X-Content-Type-Options: Disables MIME type sniffing to prevent content-type confusion attacks.
* 4. X-XSS-Protection: Enables the browser's built-in XSS filtering.
* 5. Strict-Transport-Security: Enforces secure (HTTPS) connections to the server.
* 6. Referrer-Policy: Controls the amount of referrer information sent with requests.
*
* These headers are crucial for enhancing the site's security and protecting against
* common web threats.
*/
// eslint-disable-next-line @typescript-eslint/require-await
async headers() {
return [{ source: '/(.*)', headers: createSecureHeaders() }]
},
}
const withNextIntl = createNextIntlPlugin()
export default withNextIntl(nextConfig)