mai
/
posimai-tech-events
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

security: add CSP and HSTS headers to vercel.json

This commit is contained in:
posimai 2026-04-20 17:10:01 +09:00
parent 0ad6e8fb22
commit f0d38cc287
1 changed files with 27 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
vercel.json
View File

@ -1,13 +1,30 @@
{ {
"rewrites": [ "rewrites": [
{ "source": "/api/(.*)", "destination": "/api/$1" } {
"source": "/api/(.*)",
"destination": "/api/$1"
}
], ],
"headers": [ "headers": [
{ {
"source": "/(.*)", "source": "/(.*)",
"headers": [ "headers": [
{ "key": "X-Content-Type-Options", "value": "nosniff" }, {
{ "key": "X-Frame-Options", "value": "DENY" } "key": "X-Content-Type-Options",
"value": "nosniff"
},
{
"key": "X-Frame-Options",
"value": "DENY"
},
{
"key": "Content-Security-Policy",
"value": "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://unpkg.com https://cdn.jsdelivr.net https://esm.sh; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: https:; media-src 'self' https:; connect-src 'self' https://api.soar-enrich.com wss://api.soar-enrich.com https:; worker-src 'self'; frame-ancestors 'none';"
},
{
"key": "Strict-Transport-Security",
"value": "max-age=31536000; includeSubDomains"
}
] ]
} }
] ]