import { NextResponse } from 'next/server';
import type { NextRequest } from 'next/server';
/**
 * Produces a fresh CSP nonce: 16 cryptographically random bytes, base64-encoded.
 *
 * Uses the Web Crypto `crypto.getRandomValues` global (available in the Edge
 * runtime this file targets) rather than `Math.random`, so the nonce cannot be
 * predicted by a page that wants to smuggle an inline script past the policy.
 *
 * @returns a 24-character base64 string, different on every call.
 */
function generateNonce(): string {
  const randomBytes = crypto.getRandomValues(new Uint8Array(16));
  // btoa() expects a "binary string" (one char per byte), so build that first.
  let binary = '';
  for (const byte of randomBytes) {
    binary += String.fromCharCode(byte);
  }
  return btoa(binary);
}
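/**
 * Next.js proxy (middleware) that attaches a per-request, nonce-based
 * Content-Security-Policy to every matched response.
 *
 * The nonce and the policy are forwarded on the *request* headers as well as
 * set on the response: a layout reads `headers()` from the incoming request,
 * not from the outgoing response, and Next.js looks for the nonce in the
 * request's CSP header to tag the scripts it injects itself. Without the
 * request-side copy, `'strict-dynamic'` + nonce would block those scripts.
 *
 * @param request the incoming request; its headers are cloned and extended.
 * @returns a `NextResponse.next()` carrying `Content-Security-Policy` and `x-nonce`.
 */
export function proxy(request: NextRequest) {
  const nonce = generateNonce();
  const isDev = process.env.NODE_ENV === 'development';

  // Build CSP with nonce.
  // - 'strict-dynamic' lets nonce-bearing scripts load their own dependencies
  //   without listing every host.
  // - 'unsafe-eval' is only admitted in development, where the dev tooling needs it.
  // - style-src includes 'unsafe-inline' for Next.js styled-jsx CSS-in-JS.
  // - object-src 'none' closes the plugin/<object> loophole that a nonce-based
  //   script-src does not cover; default-src 'self' alone would still allow
  //   same-origin embeds.
  const csp = [
    "default-src 'self'",
    `script-src 'self' 'nonce-${nonce}' 'strict-dynamic'${isDev ? " 'unsafe-eval'" : ""}`,
    "style-src 'self' 'unsafe-inline'",
    "img-src 'self' data: https:",
    "font-src 'self'",
    "connect-src 'self'",
    "object-src 'none'",
    "frame-ancestors 'none'",
    "base-uri 'self'",
    "form-action 'self'",
    "upgrade-insecure-requests",
  ].join('; ');

  // Request-side copy: this is what `headers()` in the layout and Next.js's
  // own nonce detection actually read.
  const requestHeaders = new Headers(request.headers);
  requestHeaders.set('x-nonce', nonce);
  requestHeaders.set('Content-Security-Policy', csp);

  const response = NextResponse.next({ request: { headers: requestHeaders } });

  // Response-side copy: this is what the browser enforces.
  response.headers.set('Content-Security-Policy', csp);
  // Kept for anything that already reads the nonce off the response. It is not
  // a secret — the same value is visible in the CSP header above.
  response.headers.set('x-nonce', nonce);
  return response;
}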
/**
 * Paths the proxy runs on. The last entry is a catch-all that excludes API
 * routes, Next.js static/image assets and the favicon, so the CSP header is
 * only built for page responses.
 *
 * NOTE(review): Next.js evaluates `matcher` statically at build time, so this
 * must stay a plain literal array — do not compute it from variables.
 * The first three explicit paths also appear to be covered by the catch-all
 * pattern; confirm before relying on them as separate entries.
 */
export const config = {
matcher: [
'/',
'/results',
'/scan/loading',
'/((?!api|_next/static|_next/image|favicon.ico).*)',
],
};