next-safe is a tool that helps secure your Next.js apps by providing sensible defaults for common security headers. It includes features like Content-Security-Policy, Permissions-Policy, Referrer-Policy, X-Content-Type-Options, X-Frame-Options, and X-XSS-Protection. You can find the full documentation at trezy.gitbook.io/next-safe.
To install next-safe, follow these steps:
npm install next-safe
import nextSafe from 'next-safe';
// Example of setting up Content-Security-Policy
app.use(nextSafe({
ContentSecurityPolicy: {
'default-src': ["'none'"],
'script-src': ["'self'", 'trusted-cdn.com'],
'style-src': ["'self'", 'fonts.googleapis.com'],
}
}));
next-safe is a valuable tool for securing Next.js apps by configuring important security headers with sensible defaults. With features like Content-Security-Policy and Permissions-Policy, developers can easily enhance the security of their applications. Installation is straightforward and well-documented on trezy.gitbook.io/next-safe.