chore: add security header (#1102)

openstatusHQ · Nov 16, 2024 · 4d36736 · 4d36736
1 parent 399d791
commit 4d36736
Showing 1 changed file with 11 additions and 0 deletions.
diff --git a/apps/web/next.config.js b/apps/web/next.config.js
@@ -1,6 +1,14 @@
 const { withContentCollections } = require("@content-collections/next");
 const { withSentryConfig } = require("@sentry/nextjs");
 
+// REMINDER: avoid Clickjacking attacks by setting the X-Frame-Options header
+const securityHeaders = [
+  {
+    key: "X-Frame-Options",
+    value: "SAMEORIGIN",
+  },
+];
+
 /** @type {import('next').NextConfig} */
 const nextConfig = {
   reactStrictMode: true,
@@ -53,6 +61,9 @@ const nextConfig = {
       },
     ],
   },
+  async headers() {
+    return [{ source: "/(.*)", headers: securityHeaders }];
+  },
 };
 
 module.exports = withSentryConfig(