Clean up middleware, add security-headers to non-Zammad pages

2024-09-04 12:09:28 +02:00 · 2024-09-04 12:09:28 +02:00 · 8c6e954fdf
commit 8c6e954fdf
parent 027aac3a92
9 changed files with 81 additions and 62 deletions
--- a/apps/link/next.config.js
+++ b/apps/link/next.config.js
@ -8,22 +8,37 @@ const nextConfig = {
    "@link-stack/bridge-ui",
    "mui-chips-input",
  ],
-  publicRuntimeConfig: {
-    linkURL: process.env.LINK_URL ?? "http://localhost:3000",
-    bridgeURL: process.env.BRIDGE_URL ?? "http://localhost:8002",
-    labelStudioURL: process.env.LABEL_STUDIO_URL ?? "http://localhost:8006",
-    muiLicenseKey: process.env.MUI_LICENSE_KEY ?? "",
+  headers: async () => {
+    return [
+      {
+        source: "/((?!zammad).*)",
+        headers: [
+          {
+            key: "Strict-Transport-Security",
+            value: "max-age=63072000; includeSubDomains; preload",
+          },
+          {
+            key: "X-Frame-Options",
+            value: "DENY",
+          },
+          {
+            key: "X-Content-Type-Options",
+            value: "nosniff",
+          },
+        ],
+      },
+    ];
  },
  rewrites: async () => {
    return {
      beforeFiles: [
        {
          source: "/api/v1/:path*",
-          destination: `http://zammad-nginx:8080/api/v1/:path*`,
+          destination: `${process.env.ZAMMAD_URL ?? "http://zammad-nginx:8080"}/api/v1/:path*`,
        },
        {
          source: "/ws",
-          destination: `http://zammad-nginx:8080/ws`,
+          destination: `${process.env.ZAMMAD_URL ?? "http://zammad-nginx:8080"}/ws`,
        },
      ],
    };