From 95a40400af1aa687be89e45efde1eb62d7d38859 Mon Sep 17 00:00:00 2001
From: nsylke
Date: Mon, 18 Sep 2023 20:13:46 -0500
Subject: [PATCH] feat: security headers
---
 apps/marketing/next.config.js | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)
diff --git a/apps/marketing/next.config.js b/apps/marketing/next.config.js
index 97f904cf0..2783e4063 100644
--- a/apps/marketing/next.config.js
+++ b/apps/marketing/next.config.js
@@ -18,6 +18,40 @@ const config = {
 transform: 'lucide-react/dist/esm/icons/{{ kebabCase member }}',
 },
 },
+ async headers() {
+ return [
+ {
+ source: '/:path*',
+ headers: [
+ {
+ key: 'x-dns-prefetch-control',
+ value: 'on',
+ },
+ {
+ key: 'strict-transport-security',
+ value: 'max-age=31536000; includeSubDomains; preload',
+ },
+ {
+ key: 'x-frame-options',
+ value: 'SAMEORIGIN',
+ },
+ {
+ key: 'x-content-type-options',
+ value: 'nosniff',
+ },
+ {
+ key: 'referrer-policy',
+ value: 'strict-origin-when-cross-origin',
+ },
+ {
+ key: 'permissions-policy',
+ value:
+ 'accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()',
+ },
+ ],
+ },
+ ];
+ },
 };

 module.exports = withContentlayer(config);
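Review bot: The `strict-transport-security` value includes `includeSubDomains; preload`, which commits every subdomain of the serving host to HTTPS for a year and is slow to reverse once the domain is on the preload list. That is a domain-wide decision made from the marketing app's config, and nothing visible here shows that the other subdomains are HTTPS-only. Either drop the two directives until that is confirmed, or record the decision above the entry, e.g. `// includeSubDomains + preload: every subdomain must serve HTTPS; leaving the preload list takes months`. Separately, `x-frame-options: SAMEORIGIN` is the legacy framing control and the set has no `content-security-policy`; adding `{ key: 'content-security-policy', value: "frame-ancestors 'self'" },` gives the standards-track equivalent without a full script policy. The `config` object starts above the hunk, so headers set elsewhere (middleware or the hosting layer) are not visible from here.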