-
Notifications
You must be signed in to change notification settings - Fork 343
Expand file tree
/
Copy pathproxy.ts
More file actions
42 lines (32 loc) · 1.23 KB
/
proxy.ts
File metadata and controls
42 lines (32 loc) · 1.23 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
import type { NextRequest } from 'next/server';
import { NextResponse } from 'next/server';
function normalizeAllowEmbedding(value: string | undefined): string {
return value?.trim() ?? '';
}
function toFrameAncestors(allowEmbedding: string): string | null {
if (!allowEmbedding || allowEmbedding === 'false') return null;
if (allowEmbedding === 'true') return "frame-ancestors 'self' *;";
const origins = allowEmbedding
.split(',')
.map(origin => origin.trim())
.filter(Boolean)
.map(origin => (origin.startsWith('http') ? origin : `https://${origin}`));
if (origins.length === 0) return null;
return `frame-ancestors 'self' ${origins.join(' ')};`;
}
export function proxy(_request: NextRequest) {
const response = NextResponse.next();
const allowEmbedding = normalizeAllowEmbedding(process.env.ALLOW_EMBEDDING);
const frameAncestors = toFrameAncestors(allowEmbedding);
if (!frameAncestors) {
response.headers.set('X-Frame-Options', 'SAMEORIGIN');
response.headers.delete('Content-Security-Policy');
return response;
}
response.headers.delete('X-Frame-Options');
response.headers.set('Content-Security-Policy', frameAncestors);
return response;
}
export const config = {
matcher: '/:path*',
};