Merge pull request #1338 from avorylli/fix

Add security headers to Next.js config

Author: krofax

next.config.mjs

@@ -17,6 +17,32 @@ export default {
   eslint: {
     ignoreDuringBuilds: true,
   },
+  
+  async headers() {
+    return [
+      {
+        source: '/:path*',
+        headers: [
+          {
+            key: 'X-DNS-Prefetch-Control',
+            value: 'on'
+          },
+          {
+            key: 'Strict-Transport-Security',
+            value: 'max-age=31536000; includeSubDomains; preload'
+          },
+          {
+            key: 'X-Content-Type-Options',
+            value: 'nosniff'
+          },
+          {
+            key: 'X-Frame-Options',
+            value: 'DENY'
+          }
+        ],
+      },
+    ]
+  },
 
   // Don't put redirects here
   // they go in public/_redirects