mirror/formbricks-formbricks
1
0
Fork 0
mirror of https://github.com/formbricks/formbricks.git synced 2026-05-04 12:51:37 -05:00
Code Issues Packages Projects Releases 100 Wiki Activity

feat: add security headers for Referrer-Policy and Permissions-Policy (#5877)

Browse Source
This commit is contained in:
Piyush Gupta
2025-06-05 09:51:10 +05:30
committed by GitHub
parent c0b8edfdf2
commit 0d1d227e6a
1 changed files with 16 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files
apps/web/next.config.mjs
+16 -21
View File
@@ -115,11 +115,12 @@ const nextConfig = {
async headers() {
return [
{
source: "/(.*)",
// Apply X-Frame-Options to all routes except those starting with /s/ or /c/
source: "/((?!s/|c/).*)",
headers: [
{
key: "Strict-Transport-Security",
value: "max-age=63072000; includeSubDomains; preload",
key: "X-Frame-Options",
value: "SAMEORIGIN",
},
],
},
@@ -151,24 +152,6 @@ const nextConfig = {
},
],
},
{
source: "/environments/(.*)",
headers: [
{
key: "X-Frame-Options",
value: "SAMEORIGIN",
},
],
},
{
source: "/auth/(.*)",
headers: [
{
key: "X-Frame-Options",
value: "SAMEORIGIN",
},
],
},
{
source: "/(.*)",
headers: [
@@ -181,6 +164,18 @@ const nextConfig = {
value:
"default-src 'self'; script-src 'self' 'unsafe-inline' https://*.intercom.io https://*.intercomcdn.com https:; style-src 'self' 'unsafe-inline' https://*.intercomcdn.com https:; img-src 'self' blob: data: https://*.intercom.io https://*.intercomcdn.com data: https:; font-src 'self' data: https://*.intercomcdn.com https:; connect-src 'self' https://*.intercom.io wss://*.intercom.io https://*.intercomcdn.com https:; frame-src 'self' https://*.intercom.io https://app.cal.com https:; media-src 'self' https:; object-src 'self' data: https:; base-uri 'self'; form-action 'self'",
},
{
key: "Strict-Transport-Security",
value: "max-age=63072000; includeSubDomains; preload",
},
{
key: "Referrer-Policy",
value: "strict-origin-when-cross-origin",
},
{
key: "Permissions-Policy",
value: "camera=(), microphone=(), geolocation=()",
},
],
},
{