fix: adding additional headers to restrict iframe

2023-12-20 13:49:17 +05:30 · 2023-12-20 13:49:17 +05:30 · 216a7c8fda
commit 216a7c8fda
parent 7bff8d2ec5
2 changed files with 22 additions and 0 deletions
--- a/space/next.config.js
+++ b/space/next.config.js
@ -3,10 +3,24 @@ require("dotenv").config({ path: ".env" });
 const { withSentryConfig } = require("@sentry/nextjs");

 const nextConfig = {
+  async headers() {
+    return [
+      {
+        source: "/",
+        headers: [{ key: "X-Frame-Options", value: "SAMEORIGIN" }],
+      },
+    ];
+  },
  basePath: process.env.NEXT_PUBLIC_DEPLOY_WITH_NGINX === "1" ? "/spaces" : "",
  reactStrictMode: false,
  swcMinify: true,
  images: {
+    remotePatterns: [
+      {
+        protocol: "https",
+        hostname: "**",
+      },
+    ],
    unoptimized: true,
  },
  output: "standalone",
--- a/web/next.config.js
+++ b/web/next.config.js
@ -2,6 +2,14 @@ require("dotenv").config({ path: ".env" });
 const { withSentryConfig } = require("@sentry/nextjs");

 const nextConfig = {
+  async headers() {
+    return [
+      {
+        source: "/(.*)?",
+        headers: [{ key: "X-Frame-Options", value: "SAMEORIGIN" }],
+      },
+    ];
+  },
  reactStrictMode: false,
  swcMinify: true,
  images: {