feat: add helmet middleware for security and implement Content Security Policy in Next.js configuration

This commit is contained in:
Nils-Johan Gynther
2026-04-21 07:44:04 +02:00
parent eb7adda612
commit c1d51c771e
3 changed files with 50 additions and 1 deletions
+21
@@ -2,10 +2,31 @@ import { ValidationPipe } from '@nestjs/common';
import { NestFactory } from '@nestjs/core';
import { AppModule } from './app.module';
import { GlobalExceptionFilter } from './common/filters/global-exception.filter';
import helmet from 'helmet';
async function bootstrap() {
const app = await NestFactory.create(AppModule);
// Helmet som säkerhetsbackup (CSP hanteras av Next.js/Caddy)
app.use(
helmet({
contentSecurityPolicy: false,
crossOriginEmbedderPolicy: true,
crossOriginOpenerPolicy: { policy: 'same-origin' },
crossOriginResourcePolicy: { policy: 'same-origin' },
originAgentCluster: true,
referrerPolicy: { policy: 'strict-origin-when-cross-origin' },
strictTransportSecurity: {
maxAge: 31536000,
includeSubDomains: true,
preload: true,
},
xContentTypeOptions: true,
xFrameOptions: { action: 'deny' },
xXssProtection: false, // Deprecated, hanteras av Caddy
}),
);
app.setGlobalPrefix('api');
// Registrera global exception filter