How to set the HTTP response headers in NextJS websites
HTTP response headers are important for protecting websites from hackers. If the response headers are poorly managed, the website may one day be compromised by a hacker.
Response headers are common to all web applications, whatever technology they are built on. I already have a blog post related to HTTP response headers.
What are HTTP security headers?
HTTP security headers are specifically about the security of the web application during communication between the client and the server.
An HTTP response header is sent by a web server to a browser that is trying to access a web page.
As I said, the way to set response headers differs from one technology to another.
This post shows how to set the response headers in NextJS in a few simple steps.
We are going to make changes to the next.config.js file. If you do not have the file, create a file named next.config.js in the root of the application.
next.config.js
next.config.js is a regular Node.js module, not a JSON file. It gets used by the Next.js server and build phases, and it's not included in the browser build.
In the code snippet below, all the necessary security headers are stored as an array in a variable.
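const securityHeaders = [
  {
    // Disable camera, microphone, geolocation and the Topics API for every origin.
    key: "Permissions-Policy",
    value: "camera=(), microphone=(), geolocation=(), browsing-topics=()",
  },
  {
    // Let the browser resolve DNS for external links ahead of navigation.
    key: "X-DNS-Prefetch-Control",
    value: "on",
  },
  {
    // Allow framing only by pages from the same origin (clickjacking defence).
    key: "X-Frame-Options",
    value: "SAMEORIGIN",
  },
  {
    // Legacy header that controls the XSS filter of older browsers.
    key: "X-XSS-Protection",
    value: "1; mode=block",
  },
  {
    // Require HTTPS for two years, including subdomains, and opt in to preloading.
    key: "Strict-Transport-Security",
    value: "max-age=63072000; includeSubDomains; preload",
  },
  {
    // Send only the origin, not the full URL, on cross-origin requests.
    key: "referrer-policy",
    value: "origin-when-cross-origin",
  },
  {
    // Stop the browser from guessing a content type other than the declared one.
    key: "x-content-type-options",
    value: "nosniff",
  },
];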
Add an async function named "headers" to the object exported from next.config.js. The function name headers is reserved for the HTTP response headers feature.
The code is given below for your reference.
module.exports = {
  async headers() {
    return [
      {
        // Apply these headers to the individual post routes.
        source: "/posts/:slug",
        headers: securityHeaders,
      },
      {
        // Apply these headers to all routes in your application.
        source: "/(.*)",
        headers: securityHeaders,
      },
    ];
  },
};
The function should return an array of objects in the following format:
[
  {
    source: "url",
    headers: [{ key: "header-name", value: "header-value" }],
  },
]
Once you export the function, the securityHeaders will be attached to the responses for the matching URLs.
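A check that can run in CI against the array returned by headers(), as an added example that is not part of the original post: it validates the { source, headers } shape described above, flags duplicate header names, and rejects an HSTS preload value that does not meet the preload list's requirements. The names auditHeaderRules, REQUIRED and sampleRules, and the choice of which headers to require on the catch-all route, are assumptions of this example.

```javascript
// Added example (not from the original post). auditHeaderRules, REQUIRED and
// sampleRules are names and data constructed for illustration.
const REQUIRED = ["strict-transport-security", "x-content-type-options",
  "x-frame-options", "referrer-policy", "permissions-policy"];

// Returns a list of problems found in the array that headers() returns.
function auditHeaderRules(rules, catchAll = "/(.*)") {
  if (!Array.isArray(rules)) return ["headers() must return an array"];
  const problems = [];
  let sawCatchAll = false;
  rules.forEach((rule, i) => {
    if (!rule || typeof rule.source !== "string" || !Array.isArray(rule.headers)) {
      problems.push(`rule ${i}: needs a string source and a headers array`);
      return;
    }
    const seen = new Map();
    for (const h of rule.headers) {
      if (!h || typeof h.key !== "string" || typeof h.value !== "string") {
        problems.push(`${rule.source}: every header needs a string key and value`);
        continue;
      }
      const name = h.key.toLowerCase(); // header names are case-insensitive
      if (seen.has(name)) problems.push(`${rule.source}: duplicate ${name}`);
      seen.set(name, h.value);
    }
    if (rule.source === catchAll) {
      sawCatchAll = true;
      for (const name of REQUIRED) if (!seen.has(name)) problems.push(`${rule.source}: missing ${name}`);
    }
    // The HSTS preload list requires max-age >= 1 year plus includeSubDomains.
    const hsts = seen.get("strict-transport-security") || "";
    const age = Number((/max-age=(\d+)/i.exec(hsts) || [0, 0])[1]);
    if (/\bpreload\b/i.test(hsts) &&
        (age < 31536000 || !/\bincludeSubDomains\b/i.test(hsts))) {
      problems.push(`${rule.source}: preload needs max-age>=31536000 and includeSubDomains`);
    }
  });
  if (!sawCatchAll) problems.push(`no rule for ${catchAll}`);
  return problems;
}

// Constructed input: a duplicated header name and a weak HSTS preload value.
const sampleRules = [
  { source: "/(.*)", headers: [
    { key: "Strict-Transport-Security", value: "max-age=3600; preload" },
    { key: "X-Frame-Options", value: "SAMEORIGIN" },
    { key: "x-frame-options", value: "DENY" },
  ] }];
console.log(auditHeaderRules(sampleRules));
```

Passing the value returned by the headers() function from next.config.js to auditHeaderRules and failing the build on a non-empty result keeps later edits from silently dropping a header.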