feat: same origin header & password max length to prevent clickjackingg & DoS (#2370)

Co-authored-by: pandeymangg <anshuman.pandey9999@gmail.com>

apps/web/app/(auth)/auth/components/IsPasswordValid.tsx

@@ -13,7 +13,7 @@ const PASSWORD_REGEX = {
 
 const DEFAULT_VALIDATIONS = [
   { label: "Mix of uppercase and lowercase", state: false },
-  { label: "Minimum 8 characters long", state: false },
+  { label: "Minimum 8 & Maximum 128 characters long", state: false },
   { label: "Contain at least 1 number", state: false },
 ];
 
@@ -30,7 +30,7 @@ export default function IsPasswordValid({
     let newValidations = [...DEFAULT_VALIDATIONS];
     if (password !== null) {
       newValidations = checkValidation(newValidations, 0, PASSWORD_REGEX.UPPER_AND_LOWER.test(password));
-      newValidations = checkValidation(newValidations, 1, password.length >= 8);
+      newValidations = checkValidation(newValidations, 1, password.length >= 8 && password.length <= 128);
       newValidations = checkValidation(newValidations, 2, PASSWORD_REGEX.NUMBER.test(password));
     }
     setIsValid(newValidations.every((validation) => validation.state === true));

apps/web/next.config.mjs

@@ -111,6 +111,15 @@ const nextConfig = {
           },
         ],
       },
+      {
+        source: "/(.*)",
+        headers: [
+          {
+            key: "X-Frame-Options",
+            value: "SAMEORIGIN",
+          },
+        ],
+      },
     ];
   },
   env: {