Secure header

2023-04-23 22:50:48 +02:00 · 2023-04-23 22:50:48 +02:00 · efc84d5d86
commit efc84d5d86
parent 4b48a6efd5
2 changed files with 32 additions and 1 deletions
--- a/next.config.js
+++ b/next.config.js
@ -5,6 +5,36 @@ const nextConfig = {
  experimental: {
    appDir: true,
    scrollRestoration: true
+  },
+  headers: async () => {
+    return [
+      {
+        source: '/(.*)',
+        headers: [
+          {
+            key: 'X-Frame-Options',
+            value: 'DENY'
+          },
+          {
+            key: 'Content-Security-Policy',
+            value:
+              "default-src 'self'; script-src 'self'; font-src 'self' 'https://fonts.googleapis.com'"
+          },
+          {
+            key: 'X-Content-Type-Options',
+            value: 'nosniff'
+          },
+          {
+            key: 'Permissions-Policy',
+            value: 'camera=(); battery=(); geolocation=(); microphone=()'
+          },
+          {
+            key: 'Referrer-Policy',
+            value: 'origin-when-cross-origin'
+          }
+        ]
+      }
+    ];
  }
 };

--- a/ui/Puzzle.tsx
+++ b/ui/Puzzle.tsx
@ -137,7 +137,8 @@ export default function Puzzle({ token, id }: { token: string; id: number }) {
        <div className="flex items-center justify-between">
          <div className="items-center gap-x-2">
            <p>
-              Tentative{puzzle.tries && puzzle.tries > 1 ? "s":""} : <span className="text-brand-accent">{puzzle.tries}</span>
+              Tentative{puzzle.tries && puzzle.tries > 1 ? 's' : ''} :{' '}
+              <span className="text-brand-accent">{puzzle.tries}</span>
            </p>
            <p>
              Score : <span className="text-brand-accent">{puzzle.score}</span>