Use middleware to add nonce and CSP headers #553

Merged: 7 commits, Nov 1, 2024

@hursey013 hursey013 commented Oct 10, 2024

Changes proposed in this pull request:

  • Refactors middleware to allow chaining of multiple middlewares
  • Refactors Next/Image to remove inline styles
  • Add CSP headers and nonce via middleware

Related issues

https://www.58bits.com/blog/chaining-or-combining-nextjs-middleware
https://nextjs.org/docs/app/building-your-application/configuring/content-security-policy
https://github.com/vercel/next.js/tree/canary/examples/with-strict-csp
vercel/next.js#45184

Submitter checklist

  • Added logging is not capturing sensitive data and is set to an appropriate level (DEBUG vs INFO etc)
  • Updated relevant documentation (README, ADRs, explainers, diagrams)

Security considerations

None
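
An added sketch of the pattern this pull request describes (chained middleware, with one link issuing a per-request nonce and the CSP header); it is not the project's code. It is framework-free: requests and responses are plain objects with a `Map` of headers, and `chain`, `withCsp`, `withAuthStub`, `buildCsp`, `randomNonce` and the `x-nonce` hand-off are assumptions for illustration.

```javascript
// Hypothetical, framework-free model of chained middleware with a nonce-based CSP.
// Compose factories so the first one listed is the outermost wrapper.
function chain(factories) {
  const terminal = () => ({ status: 200, headers: new Map() });
  return factories.reduceRight((next, factory) => factory(next), terminal);
}

// No 'unsafe-inline' anywhere: inline <script>/<style> need the nonce, and
// style="" attributes cannot carry a nonce, so this policy blocks them.
function buildCsp(nonce) {
  return [
    "default-src 'self'",
    `script-src 'self' 'nonce-${nonce}' 'strict-dynamic'`,
    `style-src 'self' 'nonce-${nonce}'`,
    "object-src 'none'",
    "base-uri 'self'",
    "frame-ancestors 'none'",
  ].join("; ");
}

// 128 bits from the platform CSPRNG, base64-encoded.
function randomNonce() {
  const bytes = globalThis.crypto.getRandomValues(new Uint8Array(16));
  return Buffer.from(bytes).toString("base64");
}

function withCsp(next, makeNonce = randomNonce) {
  return (request) => {
    const nonce = makeNonce(); // fresh for every request, never cached
    request.headers.set("x-nonce", nonce); // lets the renderer stamp nonce="..."
    const response = next(request);
    // Set after next() so responses produced by inner links are covered too.
    response.headers.set("Content-Security-Policy", buildCsp(nonce));
    return response;
  };
}

// Stand-in for an auth link: rejects requests without an Authorization header.
function withAuthStub(next) {
  return (request) =>
    request.headers.has("authorization")
      ? next(request)
      : { status: 401, headers: new Map() };
}

// CSP first (outermost), so even the 401 from the auth link carries the policy.
const middleware = chain([withCsp, withAuthStub]);
```

Order in the chain matters: with the CSP link innermost, a response short-circuited by the auth link would go out without the header.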

@hursey013 hursey013 requested a review from a team as a code owner October 10, 2024 17:39
@echappen echappen left a comment

Thanks for all of this work, Brian, I really like the separation of concerns this approach takes. There are some concepts which I'd like to better understand before I approve. LMK if a chat would be better.

Review threads:

  • src/components/Image.tsx (resolved)
  • src/components/Image.tsx (resolved)
  • src/components/Overlays/OverlayHeaderUsername.tsx (outdated, resolved)
  • src/middlewares/withAuth.ts (resolved)
  • src/components/Image.tsx (resolved)

@hursey013 hursey013 merged commit 5684a98 into main Nov 1, 2024
3 checks passed
@hursey013 hursey013 deleted the bh-csp-headers branch November 1, 2024 18:20
hursey013 added a commit that referenced this pull request Nov 1, 2024
Use middleware to add nonce and CSP headers