From 1aed9404202bc382159105faf29d9f50394f6c8a Mon Sep 17 00:00:00 2001
From: Joe Au-Yeung
Date: Mon, 23 Jan 2023 16:49:53 -0500
Subject: [PATCH] Add CSP
---
 apps/web/next.config.js | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/apps/web/next.config.js b/apps/web/next.config.js
index 10a1e866d6..e44a5b0862 100644
--- a/apps/web/next.config.js
+++ b/apps/web/next.config.js
@@ -263,6 +263,13 @@ const nextConfig = {
 return redirects;
 },
 async headers() {
+ const ContentSecurityPolicy = `
+ default-src 'self';
+ script-src 'self';
+ child-src example.com;
+ style-src 'self' example.com;
+ font-src 'self';
+ `;
 return [
 {
 source: "/:path*",
@@ -271,6 +278,10 @@ const nextConfig = {
 key: "X-Frame-Options",
 value: "SAMEORIGIN",
 },
+ {
+ key: "Content-Security-Policy",
+ value: ContentSecurityPolicy.replace(/\s{2,}/g, " ").trim(),
+ },
 ],
 },
 ];
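Review bot: The policy string added in `headers()` leaves out the directives that do not fall back to `default-src`, so `<base>` injection, form submission targets and framing are not restricted by this CSP; consider adding `base-uri 'self'; form-action 'self'; frame-ancestors 'self';`, the last of which matches the existing `X-Frame-Options: SAMEORIGIN`. `child-src example.com` also carries no `'self'`, which would block same-origin frames and workers if the app uses any, and `example.com` reads like a placeholder host, so the intended origin is worth confirming. A one-line comment above the template saying why each third-party origin is allowed would help later reviewers. `headers()` continues past the end of this hunk.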
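Review bot: A staged rollout and a reporting directive are missing: the new header entry enforces the policy on `/:path*` immediately, so anything it blocks (inline scripts or styles under `script-src 'self'` and `style-src 'self'`, for instance) fails for users without any signal reaching the team. Shipping it first as `key: "Content-Security-Policy-Report-Only"` together with a `report-uri` or `report-to` directive would surface violations before enforcement. Separately, `/\s{2,}/g` collapses only runs of two or more whitespace characters, so a policy line that ever loses its indentation would leave a bare newline in the header value; `ContentSecurityPolicy.replace(/\s+/g, " ").trim()` is sturdier. The headers array this entry is added to starts above the hunk.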