Update 15-content-security-policy.mdx
Ensures the CSP header is still set on the response.
This commit is contained in:
parent
20ad9ac270
commit
af2c3f71bf
1 changed files with 26 additions and 6 deletions
|
@ -54,20 +54,31 @@ export function middleware(request: NextRequest) {
|
|||
block-all-mixed-content;
|
||||
upgrade-insecure-requests;
|
||||
`
|
||||
// Replace newline characters and spaces
|
||||
const contentSecurityPolicyHeaderValue = cspHeader
|
||||
.replace(/\s{2,}/g, ' ')
|
||||
.trim()
|
||||
|
||||
const requestHeaders = new Headers(request.headers)
|
||||
requestHeaders.set('x-nonce', nonce)
|
||||
|
||||
requestHeaders.set(
|
||||
'Content-Security-Policy',
|
||||
// Replace newline characters and spaces
|
||||
cspHeader.replace(/\s{2,}/g, ' ').trim()
|
||||
contentSecurityPolicyHeaderValue
|
||||
)
|
||||
|
||||
return NextResponse.next({
|
||||
const response = NextResponse.next({
|
||||
headers: requestHeaders,
|
||||
request: {
|
||||
headers: requestHeaders,
|
||||
},
|
||||
})
|
||||
response.headers.set(
|
||||
'Content-Security-Policy',
|
||||
contentSecurityPolicyHeaderValue
|
||||
)
|
||||
|
||||
return response
|
||||
}
|
||||
```
|
||||
|
||||
|
@ -89,21 +100,30 @@ export function middleware(request) {
|
|||
block-all-mixed-content;
|
||||
upgrade-insecure-requests;
|
||||
`
|
||||
// Replace newline characters and spaces
|
||||
const contentSecurityPolicyHeaderValue = cspHeader
|
||||
.replace(/\s{2,}/g, ' ')
|
||||
.trim()
|
||||
|
||||
const requestHeaders = new Headers(request.headers)
|
||||
requestHeaders.set('x-nonce', nonce)
|
||||
requestHeaders.set(
|
||||
'Content-Security-Policy',
|
||||
// Replace newline characters and spaces
|
||||
cspHeader.replace(/\s{2,}/g, ' ').trim()
|
||||
contentSecurityPolicyHeaderValue
|
||||
)
|
||||
|
||||
return NextResponse.next({
|
||||
const response = NextResponse.next({
|
||||
headers: requestHeaders,
|
||||
request: {
|
||||
headers: requestHeaders,
|
||||
},
|
||||
})
|
||||
response.headers.set(
|
||||
'Content-Security-Policy',
|
||||
contentSecurityPolicyHeaderValue
|
||||
)
|
||||
|
||||
return response
|
||||
}
|
||||
```
|
||||
|
||||
|
|
Loading…
Reference in a new issue