refactor: fix security headers

agustinusnathaniel · Jul 25, 2024 · e5de6db · e5de6db
1 parent 434e077
commit e5de6db
Showing 1 changed file with 3 additions and 6 deletions.
diff --git a/next.config.js b/next.config.js
@@ -33,7 +33,7 @@ const securityHeaders = [
   // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
   {
     key: 'Referrer-Policy',
-    value: 'origin-when-cross-origin',
+    value: 'strict-origin-when-cross-origin',
   },
   // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
   {
@@ -68,14 +68,11 @@ const portfolioDataPrefix = `/_next/data/${process.env.PORTFOLIO_BUILD_ID}`;
 /** @type {import('next').NextConfig} */
 const nextConfig = {
   reactStrictMode: true,
+  // https://nextjs.org/docs/app/building-your-application/configuring/content-security-policy#without-nonces
   headers: async () => {
     return [
       {
-        source: '/',
-        headers: securityHeaders,
-      },
-      {
-        source: '/:path*',
+        source: '/(.*)',
         headers: securityHeaders,
       },
     ];