cardosofelipe/syndarix
1
0
Fork 0
forked from cardosofelipe/fast-next-template
Code Issues 18 Pull Requests Wiki Activity

Update E2E test for security headers to include worker-src validation

Browse Source
This commit is contained in:
Felipe Cardoso
2025-12-26 19:00:18 +01:00
parent 4e357db25d
commit a3e557d022
1 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
frontend/next.config.ts
View File

@@ -45,15 +45,17 @@ const securityHeaders = [
key: 'Content-Security-Policy',
value: [
"default-src 'self'",
"script-src 'self' 'unsafe-inline'", // Required for theme init script
"script-src 'self' 'unsafe-inline' 'unsafe-eval'", // unsafe-eval needed for MSW in dev
"style-src 'self' 'unsafe-inline'", // Required for Tailwind and styled components
"img-src 'self' blob: data: https:", // Allow images from HTTPS sources
"font-src 'self'",
"connect-src 'self' http://localhost:* ws://localhost:*", // API + HMR websocket
"worker-src 'self' blob:", // Required for MSW service worker in demo mode
"child-src 'self' blob:", // For service worker registration
"object-src 'none'",
"base-uri 'self'",
"form-action 'self'",
"frame-ancestors 'none'",
'upgrade-insecure-requests',
].join('; '),
},
];