diff --git a/frontend/.env.example b/frontend/.env.example
index efef0d3..ffc2e5b 100644
--- a/frontend/.env.example
+++ b/frontend/.env.example
@@ -3,4 +3,4 @@ NEXT_PUBLIC_EVENTS_WS_URL="wss://:"
 # BlockVision Pro API key for Monad mainnet contract metadata lookups
 # Get your API key from https://docs.blockvision.org/
-BLOCKVISION_API_KEY="your-api-key-here"
+BLOCKVISION_API_KEY="your-api-key-here"
\ No newline at end of file
diff --git a/frontend/next.config.ts b/frontend/next.config.ts
index 15185ac..d62f6da 100644
--- a/frontend/next.config.ts
+++ b/frontend/next.config.ts
@@ -1,5 +1,7 @@
 import type { NextConfig } from 'next'
 
+const isDev = process.env.NODE_ENV === 'development'
+
 const nextConfig: NextConfig = {
 images: {
 remotePatterns: [
@@ -10,6 +12,38 @@ const nextConfig: NextConfig = {
 },
 ],
 },
+ async headers() {
+ return [
+ {
+ source: '/(.*)',
+ headers: [
+ { key: 'X-Content-Type-Options', value: 'nosniff' },
+ { key: 'Referrer-Policy', value: 'strict-origin-when-cross-origin' },
+ {
+ key: 'Permissions-Policy',
+ value: 'geolocation=(), microphone=(), camera=()',
+ },
+ { key: 'X-Frame-Options', value: 'DENY' },
+ {
+ key: 'Content-Security-Policy',
+ value: [
+ "default-src 'self'",
+ `script-src 'self' 'unsafe-inline' https://va.vercel-scripts.com${isDev ? " 'unsafe-eval'" : ''}`,
+ "style-src 'self' 'unsafe-inline'",
+ "img-src 'self' data: https://raw.githubusercontent.com",
+ "font-src 'self'",
+ "connect-src 'self' wss://monode-mainnet.monadinfra.com wss://execution-events-backend-example.molandak.org",
+ "frame-ancestors 'none'",
+ "object-src 'none'",
+ "base-uri 'self'",
+ "form-action 'self'",
+ 'upgrade-insecure-requests',
+ ].join('; '),
+ },
+ ],
+ },
+ ]
+ },
 }
 
 export default nextConfig
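Review bot: The `script-src` entry in the new `headers()` block keeps `'unsafe-inline'` in every environment, not only when `isDev` is true, so the policy will not stop an injected inline script and mainly restricts which external script hosts may load. If the only inline scripts are the ones the framework emits, a per-request nonce set in middleware (`script-src 'self' 'nonce-<per-request value>' 'strict-dynamic'`) would let production drop the keyword. Until then, a comment above that line such as `// 'unsafe-inline' is required by framework inline scripts; replace with nonces` would record it as a deliberate trade-off. Separately, `connect-src` hard-codes two `wss://` hosts while `.env.example` presents `NEXT_PUBLIC_EVENTS_WS_URL` as configurable, so a deployment pointed at another backend would presumably have its socket blocked by the browser. Appending `new URL(process.env.NEXT_PUBLIC_EVENTS_WS_URL).origin` to the directive when the variable is set would keep the two in sync. The `nextConfig` object begins outside this hunk.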