From d4c7e726eab9a4e65b15e16a8db83ba72af0a026 Mon Sep 17 00:00:00 2001
From: Corbadoman <100508310+corbadoman@users.noreply.github.com>
Date: Tue, 11 Feb 2025 19:15:35 +0100
Subject: [PATCH 1/5] Added CSP header

---
 playground/connect-next/next.config.mjs | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/playground/connect-next/next.config.mjs b/playground/connect-next/next.config.mjs
index d55e0fc3d..371eaddca 100644
--- a/playground/connect-next/next.config.mjs
+++ b/playground/connect-next/next.config.mjs
@@ -1,8 +1,26 @@
 /** @type {import('next').NextConfig} */
+
+const cspHeader = `
+ script-src 'self' 'unsafe-eval' 'unsafe-inline';
+`
+
 const nextConfig = {
 eslint: {
 ignoreDuringBuilds: true,
 },
+ async headers() {
+ return [
+ {
+ source: '/(.*)',
+ headers: [
+ {
+ key: 'Content-Security-Policy',
+ value: cspHeader.replace(/\n/g, ''),
+ },
+ ],
+ },
+ ]
+ },
 };
 
 export default nextConfig;

From 4d518c69b694a8f240d059abfec37180925bee78 Mon Sep 17 00:00:00 2001
From: Corbadoman <100508310+corbadoman@users.noreply.github.com>
Date: Tue, 11 Feb 2025 19:20:21 +0100
Subject: [PATCH 2/5] prettier

---
 playground/connect-next/next.config.mjs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/playground/connect-next/next.config.mjs b/playground/connect-next/next.config.mjs
index 371eaddca..f4453add6 100644
--- a/playground/connect-next/next.config.mjs
+++ b/playground/connect-next/next.config.mjs
@@ -2,7 +2,7 @@
 
 const cspHeader = `
 script-src 'self' 'unsafe-eval' 'unsafe-inline';
-`
+`;
 
 const nextConfig = {
 eslint: {
@@ -19,7 +19,7 @@ const nextConfig = {
 },
 ],
 },
- ]
+ ];
 },
 };
 

From eac66fd0ea3703358840aaa5adb39199974afaf2 Mon Sep 17 00:00:00 2001
From: Corbadoman <100508310+corbadoman@users.noreply.github.com>
Date: Tue, 11 Feb 2025 19:37:11 +0100
Subject: [PATCH 3/5] Removed unsafe-eval

---
 playground/connect-next/next.config.mjs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
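Review bot: In PATCH 1/5 the `cspHeader` policy sets only `script-src`, so `object-src`, `base-uri` and `frame-ancestors` stay unrestricted and the header does nothing against plugin content, `<base>` rewriting or framing. Directives such as `object-src 'none'; base-uri 'self'; frame-ancestors 'self';` could be added to the template, and trialled under `Content-Security-Policy-Report-Only` first if breakage in the playground is a concern. The `/** @type {import('next').NextConfig} */` comment also ends up above `cspHeader` instead of `nextConfig`, so editors and type checkers would no longer apply it to the config object; it should move to the line directly before `const nextConfig = {`.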
diff --git a/playground/connect-next/next.config.mjs b/playground/connect-next/next.config.mjs
index f4453add6..ea7600a76 100644
--- a/playground/connect-next/next.config.mjs
+++ b/playground/connect-next/next.config.mjs
@@ -1,7 +1,7 @@
 /** @type {import('next').NextConfig} */
 
 const cspHeader = `
- script-src 'self' 'unsafe-eval' 'unsafe-inline';
+ script-src 'self' 'unsafe-inline';
 `;
 
 const nextConfig = {

From 4cd40adf9756a96b853d893b6f0247d79bed9ce0 Mon Sep 17 00:00:00 2001
From: Corbadoman <100508310+corbadoman@users.noreply.github.com>
Date: Tue, 11 Feb 2025 20:07:09 +0100
Subject: [PATCH 4/5] Removed unsafe-inline

---
 playground/connect-next/next.config.mjs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/playground/connect-next/next.config.mjs b/playground/connect-next/next.config.mjs
index ea7600a76..ae08443c5 100644
--- a/playground/connect-next/next.config.mjs
+++ b/playground/connect-next/next.config.mjs
@@ -1,7 +1,7 @@
 /** @type {import('next').NextConfig} */
 
 const cspHeader = `
- script-src 'self' 'unsafe-inline';
+ script-src 'self';
 `;
 
 const nextConfig = {

From 471f6cbfdc27a9208cfb30e9e86a7dfe408edac1 Mon Sep 17 00:00:00 2001
From: Corbadoman <100508310+corbadoman@users.noreply.github.com>
Date: Tue, 11 Feb 2025 20:27:22 +0100
Subject: [PATCH 5/5] Added unsafe-inline again

---
 playground/connect-next/next.config.mjs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/playground/connect-next/next.config.mjs b/playground/connect-next/next.config.mjs
index ae08443c5..ea7600a76 100644
--- a/playground/connect-next/next.config.mjs
+++ b/playground/connect-next/next.config.mjs
@@ -1,7 +1,7 @@
 /** @type {import('next').NextConfig} */
 
 const cspHeader = `
- script-src 'self';
+ script-src 'self' 'unsafe-inline';
 `;
 
 const nextConfig = {
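Review bot: In PATCH 3/5, dropping `'unsafe-eval'` unconditionally is likely to break `next dev`, because the development bundler and React's dev tooling rely on `eval` (inferred from how Next.js behaves in development, not visible in this hunk). Keeping the production policy strict while allowing it only in development avoids that: `const isDev = process.env.NODE_ENV !== 'production';` and `script-src 'self' 'unsafe-inline'${isDev ? " 'unsafe-eval'" : ''};`. A short comment next to `cspHeader` stating that `'unsafe-eval'` is development-only would keep it from leaking into the production header later.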
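Review bot: PATCH 5/5 restores `'unsafe-inline'` in `script-src` without recording why, and with it the policy again lets any injected inline `<script>` or event-handler attribute run, which is the main thing a script CSP is meant to stop. If PATCH 4/5 was reverted because the framework's own inline scripts were blocked (an inference; the hunk does not say), the usual way out is a per-request nonce set in middleware with `script-src 'self' 'nonce-<value>' 'strict-dynamic'` rather than a static header in `next.config.mjs`. Until then a comment above `cspHeader` such as `// TODO: 'unsafe-inline' is required by <reason>; replace with a nonce-based policy` would make the trade-off visible. The `nextConfig` object continues outside this hunk.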