feat: Added headers

visualize-admin · Dec 5, 2024 · a7c147d · a7c147d
1 parent 3b1c14c
commit a7c147d
Showing 1 changed file with 4 additions and 3 deletions.
diff --git a/app/next.config.js b/app/next.config.js
@@ -37,6 +37,7 @@ module.exports = withPreconstruct(
         defaultLocale,
       },
 
+      // See https://content-security-policy.com/ & https://developers.google.com/tag-platform/security/guides/csp
       headers: async () => {
         const headers = [];
 
@@ -51,12 +52,12 @@ module.exports = withPreconstruct(
               key: "Content-Security-Policy",
               value: [
                 `default-src 'self' 'unsafe-inline'${process.env.NODE_ENV === "development" ? " unsafe-eval" : ""}`,
-                `script-src 'self' 'unsafe-inline'${process.env.NODE_ENV === "development" ? " http://localhost:3000" : ""} https://*.sentry.io https://vercel.live/ https://vercel.com`,
+                `script-src 'self' 'unsafe-inline'${process.env.NODE_ENV === "development" ? " localhost:*" : ""} https://*.sentry.io https://vercel.live/ https://vercel.com https://*.googletagmanager.com`,
                 `style-src 'self' 'unsafe-inline'`,
                 `font-src 'self'`,
                 `form-action 'self'`,
-                `connect-src 'self'${process.env.NODE_ENV === "development" ? " http://localhost:3000" : ""} https//*.sentry.io https://*.vercel.app`,
-                `img-src 'self' https://vercel.live https://vercel.com *.pusher.com *.pusherapp.com https://*.admin.ch https://*.opendataswiss.org${process.env.NODE_ENV === "development" ? " http://localhost:3000" : ""} data: blob:`,
+                `connect-src 'self'${process.env.NODE_ENV === "development" ? " localhost:*" : ""} https//*.sentry.io https://*.vercel.app https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com`,
+                `img-src 'self' https://vercel.live https://vercel.com *.pusher.com *.pusherapp.com https://*.admin.ch https://*.opendataswiss.org https://*.google-analytics.com https://*.googletagmanager.com${process.env.NODE_ENV === "development" ? " localhost:*" : ""} data: blob:`,
                 `script-src-elem 'self' 'unsafe-inline' https://*.admin.ch https://vercel.live https://vercel.com`,
                 `worker-src 'self' blob: https://*.admin.ch`,
               ].join("; "),