@nosecone/next
Protect your Next.js application with secure headers
import nosecone from "nosecone";
import type { Options } from "nosecone";
export { withVercelToolbar, type Options, type NoseconeOptions, } from "nosecone";
/**
 * Nosecone Next.js defaults.
 *
 * Declared shape of the default security-header configuration. This is a
 * type declaration only: literal types below show the default values, but
 * anything typed more widely (for example `maxAge: number`) has its concrete
 * value in the implementation, not here.
 */
export declare const defaults: {
readonly contentSecurityPolicy: {
readonly directives: {
// Two possible shapes: with or without `'unsafe-eval'`. Which one is in
// effect is decided in the implementation and cannot be read from this
// declaration. NOTE(review): presumably the `'unsafe-eval'` variant is for
// development builds only; confirm, since it permits string-to-code
// evaluation (eval and similar) if it reaches production.
// `typeof nonce` means the entry is the nonce function itself rather than a
// fixed string.
readonly scriptSrc: readonly ["'self'", typeof nonce, "'unsafe-eval'"] | readonly ["'self'", typeof nonce];
// `'unsafe-inline'` allows inline <style> blocks and style attributes, so
// this directive does not restrict injected inline CSS.
readonly styleSrc: readonly ["'self'", "'unsafe-inline'"];
readonly baseUri: readonly ["'none'"];
readonly childSrc: readonly ["'none'"];
readonly connectSrc: readonly ["'self'"];
readonly defaultSrc: readonly ["'self'"];
readonly fontSrc: readonly ["'self'"];
readonly formAction: readonly ["'self'"];
// Framing is denied outright here; compare `xFrameOptions` below.
readonly frameAncestors: readonly ["'none'"];
readonly frameSrc: readonly ["'none'"];
// `blob:` and `data:` image URLs are allowed in addition to same-origin.
readonly imgSrc: readonly ["'self'", "blob:", "data:"];
readonly manifestSrc: readonly ["'self'"];
readonly mediaSrc: readonly ["'self'"];
readonly objectSrc: readonly ["'none'"];
readonly workerSrc: readonly ["'self'"];
};
};
// `require-corp`: cross-origin subresources must opt in via CORP or CORS or
// the browser blocks them, so third-party embeds may need explicit handling.
readonly crossOriginEmbedderPolicy: {
readonly policy: "require-corp";
};
readonly crossOriginOpenerPolicy: {
readonly policy: "same-origin";
};
readonly crossOriginResourcePolicy: {
readonly policy: "same-origin";
};
readonly originAgentCluster: true;
readonly referrerPolicy: {
readonly policy: readonly ["no-referrer"];
};
// `maxAge` is typed as `number`, so the default HSTS duration is not visible
// in this declaration. `preload` defaults to false.
readonly strictTransportSecurity: {
readonly maxAge: number;
readonly includeSubDomains: true;
readonly preload: false;
};
readonly xContentTypeOptions: true;
readonly xDnsPrefetchControl: {
readonly allow: false;
};
readonly xDownloadOptions: true;
// Looser than `frameAncestors: 'none'` above. Browsers that enforce CSP
// `frame-ancestors` ignore X-Frame-Options when both are present, so this
// value only governs clients that do not.
readonly xFrameOptions: {
readonly action: "sameorigin";
};
readonly xPermittedCrossDomainPolicies: {
readonly permittedPolicies: "none";
};
// Only the flag is visible here. NOTE(review): confirm the emitted header
// disables the legacy XSS auditor (`X-XSS-Protection: 0`) rather than
// enabling it.
readonly xXssProtection: true;
};
export { nosecone };
/**
* Create security headers.
*
* @deprecated
* Use the named export `nosecone` instead.
*/
export default nosecone;
/**
 * Produces a CSP nonce source expression of the form `'nonce-<value>'`.
 *
 * Not exported. It appears as `typeof nonce` in the `scriptSrc` default, so
 * the directive holds this function rather than a fixed string.
 *
 * NOTE(review): how the value is generated, and how often, is not visible in
 * this declaration. A nonce only protects if it is unpredictable and unique
 * per response; confirm both in the implementation.
 *
 * @returns
 *   A quoted `'nonce-…'` string usable as a CSP source value.
 */
declare function nonce(): `'nonce-${string}'`;
/**
 * Create Next.js middleware that sets secure headers on every request.
 *
 * The middleware can only act on requests that Next.js routes to it, so a
 * `matcher` configured alongside it limits which responses carry the headers.
 *
 * @param options
 *   Configuration to provide to Nosecone. Optional.
 *   NOTE(review): presumably the exported `defaults` apply when omitted;
 *   confirm against the implementation.
 * @returns
 *   Next.js middleware that sets secure headers. Per the declared type it
 *   takes no arguments and resolves to a `Response`.
 */
export declare function createMiddleware(options?: Options): () => Promise<Response>;