
sitepaige-mcp-server


MCP server for generating web applications using SitePaige AI. Generate frontend (FREE/12 credits) then optionally add backend (50 credits)

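/* Sitepaige v1.0.0 Security Middleware WARNING: This file is automatically generated and should not be modified. */
import { NextResponse } from 'next/server';
import type { NextRequest } from 'next/server';

/** Name of the cookie that carries the CSRF token issued by this middleware. */
const CSRF_COOKIE = 'csrf-token';

/** Lifetime of the CSRF cookie in seconds (24 hours). */
const CSRF_COOKIE_MAX_AGE = 60 * 60 * 24;

/**
 * Response headers that do not depend on the request or environment.
 * Applied to every matched response before the CSP is added.
 */
const STATIC_SECURITY_HEADERS: Record<string, string> = {
  'X-DNS-Prefetch-Control': 'on',
  'X-Content-Type-Options': 'nosniff',
  'X-Frame-Options': 'DENY',
  // Legacy header kept for parity with the generated policy; modern browsers ignore it
  // and CSP (frame-ancestors / script-src below) is the effective control.
  'X-XSS-Protection': '1; mode=block',
  'Referrer-Policy': 'strict-origin-when-cross-origin',
  'Permissions-Policy': 'camera=(), microphone=(), geolocation=()',
};

/**
 * Builds the Content-Security-Policy value for a single response.
 *
 * @param nonce - per-request nonce that allowlists the inline scripts carrying it.
 * @returns the policy as `directive;` entries separated by single spaces.
 */
function buildCspHeader(nonce: string): string {
  const directives = [
    "default-src 'self'",
    // With 'strict-dynamic', CSP3 browsers ignore the trailing `https:` and
    // 'unsafe-inline'; they remain only as a fallback for older browsers.
    `script-src 'self' 'nonce-${nonce}' 'strict-dynamic' https: 'unsafe-inline'`,
    // 'unsafe-inline' for styles weakens the policy; it is kept so generated
    // inline styles keep rendering.
    "style-src 'self' 'unsafe-inline' https:",
    "img-src 'self' data: https: blob:",
    "font-src 'self' https: data:",
    "connect-src 'self' https:",
    "media-src 'self' https:",
    "object-src 'none'",
    "base-uri 'self'",
    "form-action 'self'",
    "frame-ancestors 'none'",
    'upgrade-insecure-requests',
  ];
  return directives.map((directive) => `${directive};`).join(' ');
}

/**
 * Attaches security headers, a per-request CSP nonce and a CSRF cookie to every
 * request matched by `config.matcher`.
 *
 * The nonce is forwarded on the *request* headers (as `x-nonce` and as the
 * `Content-Security-Policy` header) in addition to the response, so server-side
 * rendering code can read it; a value set only on the response is not visible
 * to the code that renders the page.
 *
 * @param request - the incoming request.
 * @returns a pass-through `NextResponse` carrying the headers and, for
 *   state-changing methods without a token, the new CSRF cookie.
 */
export function middleware(request: NextRequest) {
  // Fresh nonce per request; base64 of a random UUID as in the original policy.
  const nonce = Buffer.from(crypto.randomUUID()).toString('base64');
  const cspHeader = buildCspHeader(nonce);

  // Forward nonce and CSP to the downstream handler via the request headers.
  const forwardedHeaders = new Headers(request.headers);
  forwardedHeaders.set('x-nonce', nonce);
  forwardedHeaders.set('Content-Security-Policy', cspHeader);
  const response = NextResponse.next({ request: { headers: forwardedHeaders } });

  for (const [name, value] of Object.entries(STATIC_SECURITY_HEADERS)) {
    response.headers.set(name, value);
  }

  // HSTS only in production, where TLS is expected; sending it over plain HTTP
  // in development would be ignored anyway and can pin a local host.
  if (process.env.NODE_ENV === 'production') {
    response.headers.set(
      'Strict-Transport-Security',
      'max-age=31536000; includeSubDomains'
    );
  }

  response.headers.set('Content-Security-Policy', cspHeader);

  // Issue a CSRF token on state-changing requests that do not carry one yet.
  // NOTE(review): this only issues the token; nothing here validates it, and
  // because the cookie is httpOnly, client-side JS cannot echo it in a header
  // (double-submit). Confirm the server-side check lives elsewhere.
  if (request.method !== 'GET' && request.method !== 'HEAD') {
    const existingToken = request.cookies.get(CSRF_COOKIE)?.value;
    if (!existingToken) {
      response.cookies.set({
        name: CSRF_COOKIE,
        value: crypto.randomUUID(),
        httpOnly: true,
        secure: process.env.NODE_ENV === 'production',
        sameSite: 'strict',
        maxAge: CSRF_COOKIE_MAX_AGE,
        path: '/',
      });
    }
  }

  // Also expose the nonce on the response, as the generated code did.
  response.headers.set('x-nonce', nonce);
  return response;
}

// Configure which routes the middleware runs on
export const config = {
  matcher: [
    /*
     * Match all request paths except for the ones starting with:
     * - _next/static (static files)
     * - _next/image (image optimization files)
     * - favicon.ico (favicon file)
     * - public folder
     */
    '/((?!_next/static|_next/image|favicon.ico|public).*)',
  ],
};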