UNPKG

@nosecone/next

Version:

Protect your Next.js application with secure headers

64 lines (63 loc) 2.44 kB
import nosecone from "nosecone"; import type { NoseconeOptions } from "nosecone"; export { withVercelToolbar, type NoseconeOptions } from "nosecone"; export declare const defaults: { readonly contentSecurityPolicy: { readonly directives: { readonly scriptSrc: readonly ["'self'", typeof nonce, "'unsafe-eval'"] | readonly ["'self'", typeof nonce]; readonly styleSrc: readonly ["'self'", "'unsafe-inline'"]; readonly baseUri: readonly ["'none'"]; readonly childSrc: readonly ["'none'"]; readonly connectSrc: readonly ["'self'"]; readonly defaultSrc: readonly ["'self'"]; readonly fontSrc: readonly ["'self'"]; readonly formAction: readonly ["'self'"]; readonly frameAncestors: readonly ["'none'"]; readonly frameSrc: readonly ["'none'"]; readonly imgSrc: readonly ["'self'", "blob:", "data:"]; readonly manifestSrc: readonly ["'self'"]; readonly mediaSrc: readonly ["'self'"]; readonly objectSrc: readonly ["'none'"]; readonly workerSrc: readonly ["'self'"]; }; }; readonly crossOriginEmbedderPolicy: { readonly policy: "require-corp"; }; readonly crossOriginOpenerPolicy: { readonly policy: "same-origin"; }; readonly crossOriginResourcePolicy: { readonly policy: "same-origin"; }; readonly originAgentCluster: true; readonly referrerPolicy: { readonly policy: readonly ["no-referrer"]; }; readonly strictTransportSecurity: { readonly maxAge: number; readonly includeSubDomains: true; readonly preload: false; }; readonly xContentTypeOptions: true; readonly xDnsPrefetchControl: { readonly allow: false; }; readonly xDownloadOptions: true; readonly xFrameOptions: { readonly action: "sameorigin"; }; readonly xPermittedCrossDomainPolicies: { readonly permittedPolicies: "none"; }; readonly xXssProtection: true; }; export default nosecone; declare function nonce(): `'nonce-${string}'`; /** * Create Next.js middleware that sets secure headers on every request. * * @param options: Configuration to provide to Nosecone * @returns Next.js middleware that sets secure headers */ export declare function createMiddleware(options?: NoseconeOptions): () => Promise<Response>;