mirror of
https://github.com/lobehub/lobehub
synced 2026-04-21 17:47:27 +00:00
🐛 fix: add Content-Security-Policy env (#8752)
* fix: add Content-Security-Policy * feat: add env to control csp open or not * update env
parent
0220e81a92
commit
9250540912
2 changed files with 30 additions and 6 deletions
|
|
@ -4,6 +4,14 @@
|
|||
# Specify your API Key selection method, currently supporting `random` and `turn`.
|
||||
# API_KEY_SELECT_MODE=random
|
||||
|
||||
########################################
|
||||
########### Security Settings ###########
|
||||
########################################
|
||||
|
||||
# Control Content Security Policy headers
|
||||
# Set to '1' to enable X-Frame-Options and Content-Security-Policy headers
|
||||
# Default is '0' (enabled)
|
||||
# ENABLED_CSP=1
|
||||
|
||||
########################################
|
||||
########## AI Provider Service #########
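Review bot: The added comment `# Default is '0' (enabled)` says the opposite of what the flag does. The config hunk on this page compares `process.env.ENABLED_CSP === '1'`, so an unset variable or `'0'` means the headers are not sent. An operator reading the template could assume the anti-framing headers are on by default. I would change the line to `# Default is '0' (disabled)` and add `# Only the exact value '1' enables the headers; values such as 'true' leave them off`.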
|
||||
|
|
|
|||
|
|
@ -9,6 +9,7 @@ const buildWithDocker = process.env.DOCKER === 'true';
|
|||
const isDesktop = process.env.NEXT_PUBLIC_IS_DESKTOP_APP === '1';
|
||||
const enableReactScan = !!process.env.REACT_SCAN_MONITOR_API_KEY;
|
||||
const isUsePglite = process.env.NEXT_PUBLIC_CLIENT_DB === 'pglite';
|
||||
const shouldUseCSP = process.env.ENABLED_CSP === '1';
|
||||
|
||||
// if you need to proxy the api endpoint to remote server
|
||||
|
||||
|
|
@ -41,14 +42,29 @@ const nextConfig: NextConfig = {
|
|||
webVitalsAttribution: ['CLS', 'LCP'],
|
||||
},
|
||||
async headers() {
|
||||
const securityHeaders = [
|
||||
{
|
||||
key: 'x-robots-tag',
|
||||
value: 'all',
|
||||
},
|
||||
];
|
||||
|
||||
if (shouldUseCSP) {
|
||||
securityHeaders.push(
|
||||
{
|
||||
key: 'X-Frame-Options',
|
||||
value: 'DENY',
|
||||
},
|
||||
{
|
||||
key: 'Content-Security-Policy',
|
||||
value: "frame-ancestors 'none';",
|
||||
},
|
||||
);
|
||||
}
|
||||
|
||||
return [
|
||||
{
|
||||
headers: [
|
||||
{
|
||||
key: 'x-robots-tag',
|
||||
value: 'all',
|
||||
},
|
||||
],
|
||||
headers: securityHeaders,
|
||||
source: '/:path*',
|
||||
},
|
||||
{
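Review bot: The `if (shouldUseCSP)` branch in `headers()` makes both anti-framing headers opt-in, so a deployment that leaves `ENABLED_CSP` unset serves neither `X-Frame-Options` nor `frame-ancestors` and can be embedded by any origin. The policy value is only `frame-ancestors 'none';`, which restricts embedding and nothing else, so I would add a comment above the push such as `// clickjacking protection only: no script-src/default-src, not an XSS mitigation`, and reconsider the name `securityHeaders` for an array that always carries `x-robots-tag`. Because `headers()` sits in the Next config, the variable is probably read when the route manifest is built rather than when the container starts (inferred, not visible in this hunk). It is worth checking the response headers of the published Docker image with the variable set only at runtime. `nextConfig` begins and ends outside the hunk.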
|
||||
|
|
|
|||