[e.cash] Add recommended security headers
ClosedPublic
Actions

Authored by bytesofman on Jan 20 2024, 15:26.

Details

Reviewers

Fabien

Group Reviewers

Restricted Project

Commits

rABCbe684676739e: [e.cash] Add recommended security headers

Summary

T3395

Add recommended headers.

Note: CSP header is added as 'report-only' so that we can confirm it does not break the site.

ref
https://nextjs.org/docs/pages/api-reference/next-config-js/headers
https://github.com/vercel/next.js/discussions/17991 for source: key to cover whole site

Test Plan

docker build -t ecash_local .
docker run -it --rm -p 3000:3000 ecash_local
curl -I http://localhost:3000

Confirm terminal output includes headers

Diff Detail

Repository

rABC Bitcoin ABC

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

bytesofman created this revision.Jan 20 2024, 15:26

Herald added a reviewer: Restricted Project. · View Herald TranscriptJan 20 2024, 15:26

Harbormaster completed remote builds in B26516: Diff 44398.Jan 20 2024, 15:26

output from test plan

bytesofman edited the summary of this revision. (Show Details)Jan 20 2024, 16:28

Fabien accepted this revision.Jan 22 2024, 10:03

This revision is now accepted and ready to land.Jan 22 2024, 10:03

Closed by commit rABCbe684676739e: [e.cash] Add recommended security headers (authored by bytesofman). · Explain WhyJan 22 2024, 12:23

This revision was automatically updated to reflect the committed changes.

bytesofman added a commit: rABCbe684676739e: [e.cash] Add recommended security headers.

bytesofman mentioned this in D15266: [e.cash] modify CSP headers for dev mode.Jan 24 2024, 18:20

Revision Contents
Changeset List

Path

Size

web/

e.cash/

next.config.js

33 lines

Diff 44420

View Options

[e.cash] Add recommended security headersClosedPublicActions