next-safe
Addressing the bug described in this issue: https://github.com/trezy/next-safe/issues/39. This should require no changes to how the module works but will simply allow it to be installed for users already on...
### Describe the bug
I just installed the latest nextjs (12.0.10) and tried to install next-safe and got an error that it could not resolve the dependency. Is the latest next-safe not...
Allow the setting of `contentSecurityPolicy.mergeDefaultDirectives` which allows CSP directives defined in config to be additive to the default directives defined in `next-safe`. Also allow interpretation of string directives, e.g. `"'self'...
### Describe the bug
When I set `frameOptions: false` the library still returns the `X-Frame-Options` header. The PR https://github.com/trezy/next-safe/pull/38 solves this problem by checking if the right value param is...
Value should be checked for false. This fixes `frameOptions: false` not working
### Describe the bug
```js
const nextSafe = require('next-safe');
const isDev = process.env.NODE_ENV !== 'production';

module.exports = {
  async headers() {
    return [
      {
        source: '/:path*',
        headers: nextSafe({ isDev, contentSecurityPolicy:...
```
Hi there, I had a read of [this](https://github.com/vercel/next.js/issues/23993#issuecomment-868673612) and it seems like I am unable to use a nonce for my style-src (I'm using CSS in JS (styled-components)). I believe...
### Is your feature request related to a problem? Please describe.
`X-Content-Security-Policy`, `X-Webkit-Csp`, `X-Xss-Protection`
The CSP: `prefetch-src` option [is deprecated](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/prefetch-src) and [no longer supported by any browsers](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/prefetch-src#browser_compatibility) (with the exception of Safari on iOS). This PR removes it from the CSP headers.