diff --git a/next.config.js b/next.config.js index 5cd8cc3..8024834 100644 --- a/next.config.js +++ b/next.config.js @@ -1,6 +1,36 @@ /** @type {import('next').NextConfig} */ const nextConfig = { output: 'standalone', + + async headers() { + return [ + { + source: '/(.*)', + headers: [ + { + key: 'X-Frame-Options', + value: 'DENY', + }, + { + key: 'X-Content-Type-Options', + value: 'nosniff', + }, + { + key: 'Referrer-Policy', + value: 'strict-origin-when-cross-origin', + }, + { + key: 'Permissions-Policy', + value: 'camera=(), microphone=(), geolocation=()', + }, + { + key: 'Content-Security-Policy', + value: "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:; font-src 'self' data:; connect-src 'self'; frame-ancestors 'none'", + }, + ], + }, + ] + }, } module.exports = nextConfig diff --git a/openspec/changes/code-review-fix/tasks.md b/openspec/changes/code-review-fix/tasks.md index c8d6666..47a18f2 100644 --- a/openspec/changes/code-review-fix/tasks.md +++ b/openspec/changes/code-review-fix/tasks.md @@ -52,7 +52,7 @@ ## 6. Infrastructure & Docker -- [ ] 6.1 `[sonnet]` Add `headers()` function to `next.config.js` with X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, Content-Security-Policy +- [x] 6.1 `[sonnet]` Add `headers()` function to `next.config.js` with X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, Content-Security-Policy - [ ] 6.2 `[sonnet]` Add `USER appuser` to `services/ml/Dockerfile`: create user with `useradd`, set ownership, add USER directive before CMD - [ ] 6.3 `[haiku]` Create `.dockerignore` with `.git`, `.env`, `.env*`, `node_modules`, `.next`, `data/`, `*.md`, `__pycache__/`, `mlruns/`, `models/` - [ ] 6.4 `[haiku]` Change TA-Lib download URL to HTTPS in `services/ml/Dockerfile:10`