@nosecone/next
Version:
Protect your Next.js application with secure headers
64 lines (63 loc) • 2.44 kB
TypeScript
import nosecone from "nosecone";
import type { NoseconeOptions } from "nosecone";
export { withVercelToolbar, type NoseconeOptions } from "nosecone";
export declare const defaults: {
readonly contentSecurityPolicy: {
readonly directives: {
readonly scriptSrc: readonly ["'self'", typeof nonce, "'unsafe-eval'"] | readonly ["'self'", typeof nonce];
readonly styleSrc: readonly ["'self'", "'unsafe-inline'"];
readonly baseUri: readonly ["'none'"];
readonly childSrc: readonly ["'none'"];
readonly connectSrc: readonly ["'self'"];
readonly defaultSrc: readonly ["'self'"];
readonly fontSrc: readonly ["'self'"];
readonly formAction: readonly ["'self'"];
readonly frameAncestors: readonly ["'none'"];
readonly frameSrc: readonly ["'none'"];
readonly imgSrc: readonly ["'self'", "blob:", "data:"];
readonly manifestSrc: readonly ["'self'"];
readonly mediaSrc: readonly ["'self'"];
readonly objectSrc: readonly ["'none'"];
readonly workerSrc: readonly ["'self'"];
};
};
readonly crossOriginEmbedderPolicy: {
readonly policy: "require-corp";
};
readonly crossOriginOpenerPolicy: {
readonly policy: "same-origin";
};
readonly crossOriginResourcePolicy: {
readonly policy: "same-origin";
};
readonly originAgentCluster: true;
readonly referrerPolicy: {
readonly policy: readonly ["no-referrer"];
};
readonly strictTransportSecurity: {
readonly maxAge: number;
readonly includeSubDomains: true;
readonly preload: false;
};
readonly xContentTypeOptions: true;
readonly xDnsPrefetchControl: {
readonly allow: false;
};
readonly xDownloadOptions: true;
readonly xFrameOptions: {
readonly action: "sameorigin";
};
readonly xPermittedCrossDomainPolicies: {
readonly permittedPolicies: "none";
};
readonly xXssProtection: true;
};
export default nosecone;
declare function nonce(): `'nonce-${string}'`;
/**
* Create Next.js middleware that sets secure headers on every request.
*
* @param options: Configuration to provide to Nosecone
* @returns Next.js middleware that sets secure headers
*/
export declare function createMiddleware(options?: NoseconeOptions): () => Promise<Response>;