security: add HTTP security headers (X-Frame-Options, XCTO, Referrer-Policy, Permissions-Policy)

2026-05-01 11:14:14 -04:00 · 2026-05-01 11:14:14 -04:00 · b822dbee40
commit b822dbee40
parent 866392fa8a
1 changed files with 17 additions and 0 deletions
--- a/next.config.ts
+++ b/next.config.ts
@ -2,6 +2,23 @@ import type { NextConfig } from "next";

 const nextConfig: NextConfig = {
  output: "standalone",
+  async headers() {
+    return [
+      {
+        source: "/(.*)",
+        headers: [
+          { key: "X-Frame-Options", value: "SAMEORIGIN" },
+          { key: "X-Content-Type-Options", value: "nosniff" },
+          { key: "Referrer-Policy", value: "strict-origin-when-cross-origin" },
+          {
+            key: "Permissions-Policy",
+            value: "camera=(), microphone=(), geolocation=()",
+          },
+          { key: "X-DNS-Prefetch-Control", value: "on" },
+        ],
+      },
+    ];
+  },
 };

 export default nextConfig;